DonationCoder.com Forum

Main Area and Open Discussion => Living Room => Topic started by: Curt on August 27, 2007, 06:12 PM

Title: I wanna hurt this guy!
Post by: Curt on August 27, 2007, 06:12 PM
Right now I am very upset, very indignant: I have just received an email from myself!! Damn it, how do you block a spammer who is using your own email address as sender? I have never before been in any kind of contact with www.magicvalleyaeroclub.com or www.leximot.net - Oh, could I get my hands around these people's necks.... Let me be honest with you: I wanna hurt them! Where is the address to some Internet police?

Title: Re: I wanna hurt this guy!
Post by: Darwin on August 27, 2007, 06:22 PM
Short answer - no idea... Long answer is that I use SpamBayes (http://spambayes.sourceforge.net/)  :-* and never see this stuff - it just goes directly into my Junk Mail folder and I check it periodically before emptying it to make sure that no bona fide mail got filed there by mistake. It works with Outlook and other POP3 clients and is open source.

Oh, I *would* run a virus scan and an antispyware scan just to make sure that you haven't been breached!
Title: Re: I wanna hurt this guy!
Post by: Darwin on August 27, 2007, 06:24 PM
PS googled this and came up with this discussion of e-mail spoofing (http://forums.hostmysite.com/about188.html)!
Title: Re: I wanna hurt this guy!
Post by: Edvard on August 27, 2007, 06:25 PM
Really there is not much to be done.
No mystery, really... they got your email by harvesting some poor sap's outlook address book via some sort of malware or bought it from someone else who did and they use software that changes the From: field to match the To: field so to better trick spam blocking software (very easy to do with a text-modifying script...).
Most people don't have themselves in their "block" list.
The best protection would be to use a mail server or software that digs into the mail headers for suspicious info.

Spam should be added to Death and Taxes as unavoidable events...
Title: Re: I wanna hurt this guy!
Post by: Darwin on August 27, 2007, 06:29 PM
I remember back when I was using Eudora (an early version - this was 1994/1995) - all I had to do to spoof an e-mail address was type the address into the "From" line of the e-mail message. Later I had to type it into a field in options for outgoing e-mail (this would have been around 1998). Times have most certainly changed!
Title: Re: I wanna hurt this guy!
Post by: Curt on August 27, 2007, 07:07 PM
What do you call the "titlebar" (see image) in Outlook / Outlook Express (- and what is it named in Danish...)  :tellme:

I was thinking that it must be possible to block my own email address this way. Understand me right; I do not want to block myself, as I sometimes mail myself, but mails from myself have my full name in the titlebar, not my email address, so I was thinking that maybe I can stop it by blocking mails that have my email address in the titlebar?

Title: Re: I wanna hurt this guy!
Post by: Darwin on August 27, 2007, 07:22 PM
This could be done (I'm sure - don't know how though!) But I think you'd still be advised to get some sort of anti-spam application in place. Unfortunately, if your e-mail address is in the wild, the least of your worries are people spoofing your e-mail address - just wait for the avalanche of spam promising to enhance, arouse or subdue you...
Title: Re: I wanna hurt this guy!
Post by: f0dder on August 28, 2007, 06:00 AM
Curt, I would suggest either moving to a better email client that has proper antispam available (I personally use The Bat, but ThunderBird is closer to Outlook/OE interface, and comes with very nice anti-spam built in).

The alternative is to find a decent spam filter for Outlook/OE; the ones I've tried did cause some instability for OE every now and then, though.

But really, do consider Thunderbird - it's less likely to get exploited than OE, since it doesn't use the IE web control for HTML mail rendering, which OE does.
Title: Re: I wanna hurt this guy!
Post by: justice on August 28, 2007, 06:09 AM
SpamBayes (already mentioned) or Robin Keir's excellent K9 (http://keir.net/k9.html) would mark the mail as spam because of the content, not because of its recipient.

To avoid any infection you can run Outlook Express as a regular user even though you're administrator. See http://Dropmyrights
Title: Re: I wanna hurt this guy!
Post by: Carol Haynes on August 28, 2007, 06:11 AM
Curt - go get POPfile or SpamBayes and install it.

POPfile 'sees' all your email before it gets to your inbox and inserts a line in the header to flag the content (and can optionally prefix the subject field with anything you want). It is a general filtering system which is useful in its own right and gets very accurate after a surprisingly short time. The only disadvantage is that you use a browser window to alter options and to correct errors that creep in (esp. early on while it is learning your rules). It is particularly effective at SPAM trapping. Just tell it what you consider spam and within a few days I'd guess it is about 95% accurate - and gets progressively better the more you train it. After a month or so it is pretty much 100%.

Go to http://popfile.sourceforge.net/ to download it. If you like it and want to keep using it in the future remember to back up your POPfile database so that you can retain the learning if/when you need to reinstall windows.

Depending on the mail client software you use it will automatically configure your email accounts to work properly. If you use Outlook you can set up a quick link to open the POPfile config page automatically within Outlook which is very handy (see the help file on the website).
Title: Re: I wanna hurt this guy!
Post by: f0dder on August 28, 2007, 06:17 AM
justice: dropping rights does help, but there's still local privilege elevation exploits to worry about; I wouldn't recommend anybody to run outlook express (or anything else using the IE rendering engine).

With (the freeware version of) AntiSpam Sniper for The Bat, I've had 8776 identified and 254 unidentified spam messages since March 4... that's less than 3% spam going through, pretty okay imho. With the full version, it offers access to some spam lists etc., which would probably get it close to 100% identified.
Title: Re: I wanna hurt this guy!
Post by: iphigenie on August 28, 2007, 07:56 AM
I have spammers sending spam using one of my domains, and it seems there's nothing I can do. I even set up SPF in DNS, which says which are the only machines that are ever going to send legitimate mail for my domain, but almost nobody checks these :(

I do get swamped with the postmaster notifications and the occasional hate mail or mail bomb back. To which I usually respond as abusively as the sender mailed me (starts at "you muppet, did you really think the spammers are using their own domain? you just insulted another victim and since you are in their database it seems likely they will use yours too. See how you like it when you get the nasty mail" to much much worse depending on what they sent me)

Not fun

Anyway SPF can help you there - technically no matter what domain you are using you should be able to configure (or get the ISP to configure) so it sets all the legitimate mail servers that may send mail from your domain/address. Then you should be able to set your client to check this - thus refusing spam in your name which doesn't come from the right origin.
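
What the SPF record described above does when a receiving server evaluates it, as an added example that is not part of the original post: the check compares the connecting IP with the policy published for the domain in the SMTP envelope sender (MAIL FROM), not the From: header the mail client displays. The domains, addresses and records are constructed placeholders; only the ip4, ip6 and all mechanisms are evaluated, and anything that needs a DNS lookup is reported as needs-dns.

```python
import ipaddress

# Constructed sample policies standing in for DNS TXT lookups (placeholder domains).
PUBLISHED = {
    "example.org": "v=spf1 ip4:192.0.2.0/28 ip4:198.51.100.25 ip6:2001:db8::/48 -all",
    "example.net": "v=spf1 include:_spf.example.com ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Return an SPF record's terms as (result, mechanism, value) tuples."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    terms, redirect = [], None
    for term in parts[1:]:
        name, sep, target = term.partition("=")
        if sep and ":" not in name and "/" not in name:
            if name.lower() == "redirect":
                redirect = target  # only consulted when no mechanism matches
            continue               # other modifiers (exp=, ...) do not change the result
        result = QUALIFIERS.get(term[0])
        body = term[1:] if result else term
        mech, _, value = body.partition(":")
        terms.append((result or "pass", mech.lower(), value))
    if redirect and not any(mech == "all" for _, mech, _ in terms):
        terms.append(("pass", "redirect", redirect))
    return terms


def check_host(client_ip, record):
    """Evaluate one record against the connecting IP, first match wins."""
    addr = ipaddress.ip_address(client_ip)
    for result, mech, value in parse_spf(record):
        if mech == "all":
            return result
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if addr.version == net.version and addr in net:
                return result
        else:
            return "needs-dns"  # a, mx, include, exists, ptr, redirect: not resolved offline
    return "neutral"            # nothing matched and the record has no "all"


def spf_result(mail_from, client_ip, published=PUBLISHED):
    """SPF looks up the policy of the envelope sender's domain, not the From: header."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = published.get(domain)
    if record is None:
        return "none"           # that domain publishes no policy
    return check_host(client_ip, record)


if __name__ == "__main__":
    # Listed server sending for example.org.
    print(spf_result("user@example.org", "192.0.2.5"))
    # Unlisted host claiming example.org as envelope sender.
    print(spf_result("user@example.org", "203.0.113.9"))
    # Same host using its own envelope domain; a forged From: header is never consulted.
    print(spf_result("bounce@bulk.invalid", "203.0.113.9"))
```

The third case is why a receiver that checks SPF can still deliver a message whose visible From: line is your address: the policy that was consulted belonged to the envelope domain.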
Title: Re: I wanna hurt this guy!
Post by: Curt on August 28, 2007, 08:16 AM
Thank you, friends, for all the advice; I really appreciate it.  :up:

However, if you please will forgive me saying so, in my little mind you are all kind of missing the point, because I gave too little information. I have SPAMfighter installed, and it is so good that less than ONE spam mail per day or even per week will get through the filter (sensitivity: Normal)- I receive some twenty to thirty mails a day + DonationCoder + RSS. You have suggested little improvements, if any. How does one block a mail that has my own email address in the "From" box? I am not going to block my own email address (my email address may of course be blocked, but not ME, if you know what I mean, I still wanna be able to mail myself), and I am not going to have some third party filter decide what kind of content I can send to myself!

Edit: I must admit that I didn't understand what iphigenie told me to do.
What is SPF?
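
One way to express the rule asked about in this thread, telling mail you really sent to yourself apart from mail that only carries your address in From:, as an added example that is not part of the original post. The address, display name, server names and sample messages are constructed placeholders, and it assumes your receiving mail server adds an Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed placeholders: your address, the display name your own mail client
# sets, and the name your receiving server writes into Authentication-Results.
MY_ADDRESS = "me@example.org"
MY_NAME = "Sample User"
MY_SERVER = "mx.example.org"

# Constructed sample messages.
GENUINE = ('From: "Sample User" <me@example.org>\nTo: me@example.org\n'
           "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=me@example.org\n"
           "Subject: note to self\n\nbody\n")
SPOOFED = ("From: me@example.org\nTo: me@example.org\n"
           # Header inserted by the sender, naming a server that is not ours.
           "Authentication-Results: mx.elsewhere.invalid; spf=pass smtp.mailfrom=me@example.org\n"
           "Authentication-Results: mx.example.org; spf=none smtp.mailfrom=promo@bulk.invalid\n"
           "Subject: special offer\n\nbody\n")
NAME_COPIED = ('From: "Sample User" <me@example.org>\nTo: me@example.org\n'
               "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=promo@bulk.invalid\n"
               "Subject: special offer\n\nbody\n")
OTHER = 'From: "A Friend" <friend@example.net>\nTo: me@example.org\nSubject: hi\n\nbody\n'


def trusted_spf(msg, server=MY_SERVER):
    """Return (spf result, envelope sender) from our own server's header only."""
    for value in msg.get_all("Authentication-Results", []):
        ident, _, results = value.partition(";")
        ids = ident.split()
        if not ids or ids[0].lower() != server.lower():
            continue  # anyone can add this header; trust only the one our server wrote
        spf = re.search(r"\bspf=(\w+)", results)
        sender = re.search(r"\bsmtp\.mailfrom=([^\s;]+)", results)
        if spf:
            return spf.group(1).lower(), (sender.group(1).lower() if sender else "")
    return None, ""


def classify(raw, address=MY_ADDRESS, name=MY_NAME):
    """Return (verdict, reasons); only mail claiming to be from `address` is judged."""
    msg = message_from_string(raw)
    shown_name, shown_addr = parseaddr(msg.get("From", ""))
    if shown_addr.lower() != address.lower():
        return "other-sender", []  # leave it to the normal content filter
    reasons = []
    # The display-name rule: a bare address or a different name is a weak signal,
    # because the display name can be copied as easily as the address.
    if shown_name.strip().lower() != name.lower():
        reasons.append("display name is not the one my own client sets")
    # Stronger signal: the envelope sender recorded by our server is not us.
    spf, sender = trusted_spf(msg)
    if spf is not None and (spf != "pass" or sender != address.lower()):
        reasons.append(f"envelope sender {sender or 'unknown'} with spf={spf}")
    return ("spoofed-self" if reasons else "self"), reasons


if __name__ == "__main__":
    for label, raw in [("genuine", GENUINE), ("spoofed", SPOOFED),
                       ("name copied", NAME_COPIED), ("other", OTHER)]:
        print(label, classify(raw))
```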
Title: Re: I wanna hurt this guy!
Post by: PhilB66 on August 28, 2007, 08:29 AM
Are you saying that a third party is sending emails out using your address so that it would appear they came from you?
Title: Re: I wanna hurt this guy!
Post by: Curt on August 28, 2007, 08:36 AM
I have no guarantee if he was sending to me only or to many, but Yes, he is sending mails to at least me using my email address in the "From" box - see image in initial post.
Title: Re: I wanna hurt this guy!
Post by: f0dder on August 28, 2007, 08:54 AM
Curt: the spam filter should be blocking mails based on the content of the mail body, not just any of the header lines (to/from/subject). I thought SPAMfighter would do that, if not - it's useless.

There's little you can do about that trick anyway, and I can't see how that SPF thing would help even the slightest; all that's being done is using a bogus "From: " field in the mail header... it doesn't involve using your domain's SMTP server or whatever.
Title: Re: I wanna hurt this guy!
Post by: Carol Haynes on August 28, 2007, 09:32 AM
As f0dder says you should filter on content of the emails not the email address. If you filter on content you can block emails sent using any email address (even your own) without affecting legitimate mail.

That is one of the reasons I mentioned POPfile. It isn't a spam filter - when it is installed it knows nothing at all about spam. The point is that based on email content (not the header) it can accurately filter mail in any way you choose. One of those ways is if you tell it which emails you consider spam.

As to overcoming the initial problem of stopping someone using your email in this way I have no idea. I have 5 domain names and I'd guess I get 200+ emails a day that are addressed to fictitious addresses based on those domain names and also appearing to be sent from one of my legitimate addresses.

I have come to the conclusion the only solution is to filter them out in whatever way suits you and delete them. Reporting them to anti spam sites doesn't seem to have any effect whatsoever (apart from using up your precious time).

If anyone knows any method of reporting abuse of an email address or domain that works I would like to know. The only way I can see of doing it is forcing hosting servers to validate that every email is actually sent via that server before delivery - but how or by whom that would be implemented I don't know. The only other alternative is to block all but digitally signed email (a bit like SSL websites) - but that would be expensive and rule most people out of the email system at the moment.

Yahoo have started using a system called "Domain Keys" which tells you if the email actually originated from the domain it claims. However, they seem to be doing that on some sort of lookup table basis which is far from complete.
Title: Re: I wanna hurt this guy!
Post by: f0dder on August 28, 2007, 09:39 AM
Well, a bunch of internet protocols are extremely lame, and SMTP is one of them. "Yes, but security wasn't a concern once they were created" - sorry, no excuse.
Title: Re: I wanna hurt this guy!
Post by: Darwin on August 28, 2007, 10:02 AM
Curt - do you still have the offending e-mail? If so, have you "told" Spam Fighter that it is Spam? If not, I'd just identify it to Spam Fighter as spam and move on. As fodder points out, your spam filter should be looking at both the header and the body (text) of the e-mail and shouldn't block legitimate e-mail from you. Try it and then send yourself a legitimate e-mail and see if it gets through - you can always go back to the original spam and tell Spam Fighter that it is not spam.

Also, my ISP and Yahoo both have a feature similar to PopFile built in. I have to access both via webmail to adjust settings, but I can configure both to insert a block of text at the start of the subject, enclosed in [] to identify it as potential spam. It's useful, though SpamBayes is so good it diverts these straight into my Junk Folder. Just a thought... Check out your ISP and webmail (if it's available) - you might find that you've already got this built in, so to speak.
Title: Re: I wanna hurt this guy!
Post by: Darwin on August 28, 2007, 10:06 AM
As to overcoming the initial problem of stopping someone using your email in this way I have no idea...I have come to the conclusion the only solution is to filter them out in whatever way suits you and delete them. Reporting them to anti spam sites doesn't seem to have any effect whatsoever (apart from using up your precious time).

Yes - I'd like to highlight this comment (emphasis is mine). It's been made before but must be made again - don't waste your time trying to stop this at the source as you will be wasting your time (sorry, I realise that this sounds defeatist!) - you're better off taking Carol's advice and filtering the offensive e-mails and getting on with your life! Of course if you do figure out how to stop this completely PLEASE let us know!
Title: Re: I wanna hurt this guy!
Post by: Curt on August 28, 2007, 10:33 AM
To classify SPAMfighter (http://www.spamfighter.com/) as "useless", is not being serious.

SPAMfighter is of course just another anti-spam filter -
(and I really don't know or care what technique it is using):

When a new e-mail arrives, it is automatically tested by SPAMfighter. If it's spam, it will be instantly moved to your SPAMfighter folder. ... >

 - but SPAMfighter is firstly and most important a community:
> ... If you receive a spam mail that is not detected, click on a single button, and the spam mail is removed from the rest of the 3.739.694 SPAMfighters in 217 countries in seconds.

- and if the anti-spam filter is saying "this mail is spam" and you think 'not', then it is extremely easy for you to get the mail anyway: just open the SPAMfighter folder and have a look! Many of the apps recommended here will not give the user any chance to evaluate the mail that has been rejected by the filter - and I find such behavior unacceptable.


SPAMfighter also is:

SPAMfighter Exchange Module (SEM), is the easy-to-use anti-spam solution for Microsoft Exchange Server 2000, 2003 and 2007.
Read about SPAMfighter Exchange Spam Filter (http://www.spamfighter.com/product_sem.asp)

SPAMfighter SMTP Anti-Spam Server is the easy-to-use anti-spam solution for SMTP Servers for anyone from small businesses to service-provider.
Read about SPAMfighter SMTP Anti Spam Server (http://www.spamfighter.com/Product_SMTP.asp)

SPAMfighter Hosted Spam Filter, is the easy-to-use anti-spam solution for companies, organizations and individuals that have their own domain name and want a hosted solution.
Read about SPAMfighter Hosted Spam Filter (http://www.spamfighter.com/hostedsmtp_frontpage.asp)

SPAMfighter SMTP Anti Spam Server, and Hosted Spam Filter support the following mail servers: ArGoSoft, CMailServer, CommuniGate, Courier, DynFX, GroupWise, IMail, Kerio, Domino, MDaemon, Merak, MERCUR, MS SMTP MAIL Service, Netscape Messaging Server, NTMail, Postfix, QMail, Sendmail, Winmail, Winroute, WorkgroupMail, XMail and more.
Title: Re: I wanna hurt this guy!
Post by: Carol Haynes on August 28, 2007, 10:47 AM
One of the things I dislike is the community approach. Every time I have used a similar approach I find loads of email gets classified as SPAM because too many members of the community use the spam sighting engine as a quick way to delete unwanted emails such as newsletters that are not really spam but people are just too idle to unsubscribe properly. Consequently you find yourself wading through hundreds of adverts for "penis extensions" and "viagra" to find the mail you consider legitimate rather than simply pressing delete.
Title: Re: I wanna hurt this guy!
Post by: Curt on August 28, 2007, 10:55 AM
I don't know what app you are referring to, Carol, but it is not SPAMfighter. Once you have clicked "allow", the sender will never be deleted no matter what others may think of it.
Title: Re: I wanna hurt this guy!
Post by: wraith808 on August 28, 2007, 11:07 AM
Actually, there is a way to stop this, though it's painful.  I had the same problem with my domain.  Basically, they are using a legitimate address to lower their spam score in spam filters- that's the major reason they want to use your address.  So, the easy way to make it not worth their time is to switch e-mail addresses (like I said- painful).  I started using a different address on my domain as my primary address and dropped that old one.  When I recreated that e-mail addy a month later, I wasn't getting any of these bounces.  Since it was no longer a valid e-mail address, it no longer helped them reduce their spam score, so they stopped using it!  But yeah, that's the only way.  I even tried tracing the guy's IP and notifying his ISP- he's in Russia, so they did nothing about it!
Title: Re: I wanna hurt this guy!
Post by: Curt on August 28, 2007, 11:18 AM
  - don't waste your time trying to stop this at the source as you will be wasting your time (sorry, I realise that this sounds defeatist!) -

I "SPAMfighter-blocked" the spam mail (from the initial post in this thread), and then tried to send a mail from me to me. The first one was blocked by Outlook Express (OE), so I told OE to mark mails from me, and then I sent off another mail from me to me. This one went all through. But I will of course have to wait and see if "he" (the guy I wanna hurt) ever sends me another mail (from "me"), before I know if the trick has worked the way I am hoping.

Thank you all for the advice!  :up:
Title: Re: I wanna hurt this guy!
Post by: Darwin on August 28, 2007, 11:39 AM
One other thing I did when I got worried about security/fed up with spam was switch from Outlook Express to Outlook. It's not too bad a learning curve and I could never go back now. I dimly recall you talking about having switched in the other direction, Curt, but am not sure. Anyway, I bring it up now because of one feature: in Outlook Express if you enable auto-preview it auto-previews in all folders. In Outlook you can customize this feature for every folder. It's useful when you are dealing with spam. I have my "unread mail" folder setup W/O autopreview along with my junk mail and junk suspects folders. This way I can tell at a glance what is where and act accordingly. Likewise if I leave my main mail folder open and come back to Outlook later there is a reduced chance of me viewing malicious content because chances are high that it's already been diverted into either junk mail/junk suspects.

If you're worried about newsgroups and such, I initially went with Newsgator (still have a current licence) but found over time that I actually don't mind having to open up Outlook Express for newsgroups and Feeddemon  :-* for RSS, even this actually kept me wed to OE for about a year beyond when I knew I should make the change... Just my take on this...
Title: Re: I wanna hurt this guy!
Post by: Carol Haynes on August 28, 2007, 11:52 AM
I don't know what app you are referring to, Carol, but it is not SPAMfighter. Once you have clicked "allow", the sender will never be deleted no matter what others may think of it.

The problem is that a number of legitimate and useful newsletters are sent from different email addresses for each issue - in this case you can't "allow" an address because you don't know what it is until it arrives. If other people have marked some of the previous emails as spam because they are too idle to unsubscribe it can have a long term effect on all other users of the service who then have all the email dumped in the Junk mail pile.

I haven't tried SPAMfighter because I tried so many similar services for other 'community' approach spam filter companies and they all caused me major annoyance. I am not saying SPAMfighter is bad but now I rely on my own resources to filter Spam - and I'd guess my filtering system (based on POPfile Bayesian analysis of the content) is over 99.9% effective without having to depend on external services or internet connections for checking incoming mail.

One of the nice features of POPfile is that it tells you how many messages it has classified incorrectly (based on you having to correct it) so you can see how quickly the sorting process gets increasingly accurate. The great thing is you are limited to filtering spam.

For example you can filter all emails relating to "photography" or "security" or "shopping" (or whatever) so that you can filter email without having to set up lots of complicated rules in your email client. All you have to do when you set up the filter is give it a batch of emails that are e.g. shopping emails and a batch that aren't - it then very quickly works out what characteristics are common to 'shopping' emails.
Title: Re: I wanna hurt this guy!
Post by: Darwin on August 28, 2007, 12:10 PM
One of the nice features of POPfile is that it tells you how many messages it has classified incorrectly (based on you having to correct it) so you can see how quickly the sorting process gets increasingly accurate. The great thing is you are limited to filtering spam.

SpamBayes will allow you to check on this kind of information as well. It's been flawless for me, with no false positives, for years. PopFile sounds interesting, too (never tried it).
Title: Re: I wanna hurt this guy!
Post by: Curt on August 28, 2007, 12:19 PM
One other thing I did when I got worried about security/fed up with spam was switch from Outlook Express to Outlook. It's not too bad a learning curve and I could never go back now. I dimly recall you talking about having switched in the other direction, Curt, ...

Yes, I have been forced to replace my darling Outlook with Outlook Express (my Office 2003 will not repair / re-install) until I manage to repair this XP or get a new PC.

I have been told that the auto-preview is a security risk?? For this reason I only had the feature enabled in subfolders (in Outlook), and don't use it in Outlook Express. But I do miss it, along with a lot of other features...

As for newsgroups, I was using RSS Popper (http://rsspopper.blogspot.com/2004/10/home.html) in Outlook, so I never needed Outlook Express.

The problem is that a number of legitimate and useful newsletters are sent from different email addresses for each issue

- that would of course be a problem. Only, I have never heard of such newsletters. Are they for some closed circle only? Sorry for asking, it really is no concern of mine.
Title: Re: I wanna hurt this guy!
Post by: Darwin on August 28, 2007, 12:34 PM
Yes, I have been forced to replace my darling Outlook with Outlook Express (my Office 2003 will not repair / re-install) until I manage to repair this XP or get a new PC.

This sounds ominous - I thought that this was a relatively new PC?
Title: Re: I wanna hurt this guy!
Post by: Curt on August 28, 2007, 01:44 PM
Yes, you are right, Darwin, your memory serves you well. I bought this machine February the 24th, but from day two I was disappointed with it. However, I expected that I had installed too many programs for the memory to handle (150 apps on the first day), so I delayed my reactions, thinking that the problems would go away when I purchased and installed some more RAM. As time has gone by, I have come to realize that memory alone will not do the trick. There is something basically wrong with either the hardware or the i386 (reinstalling XP didn't help), but I haven't got a clue of what it may be - I can only tell about the symptoms. The situation has of course been worsened by my poor understanding of secure behaviour for Windows users. You know; "do you really want to delete this backup file?" and such. Well, I didn't actually delete a backup file, but the principles are just about the same, I guess; very often I am too hasty to act, and too slow to react (sorry): too slow to undo, and such.
Title: Re: I wanna hurt this guy!
Post by: Darwin on August 28, 2007, 06:10 PM
Your machine isn't running an i386 processor, is it? Surely it's at least a Pentium of some flavour - that must be a typo - i586? Anyway, that is disappointing and I hope you get it sorted out soon!
Title: Re: I wanna hurt this guy!
Post by: Curt on August 28, 2007, 06:36 PM
I was merely referring to the installation CD's folder, C:\WINDOWS\I386
- which I used to reinstall SP2

CPU Name : Intel Celeron D (Cedar Mill-V)
Vendor String : GenuineIntel
Name String : Intel(R) Celeron(R) D CPU 3.33GHz

Thanks, Darwin, for hoping  ;)
Title: Re: I wanna hurt this guy!
Post by: Darwin on August 28, 2007, 07:37 PM
Ah, that makes sense! Let us know if there is anything that we can do to help troubleshoot your problem.
Title: Re: I wanna hurt this guy!
Post by: Curt on August 29, 2007, 01:30 AM
You can bet that I will let you all know....   8)

But it all begins with repairing the CD drive. A CD "exploded" while playing, and there are thousands of little pieces of the disc preventing the door from closing - and so far I haven't had the courage to open the tower, in order to fix it.
Title: Re: I wanna hurt this guy!
Post by: Carol Haynes on August 29, 2007, 05:02 AM
Curt - buy a Pioneer DVD+-RW DL drive - and chuck out the old drive. You can get a brand new Pioneer drive for about $16/$30 and they are fantastic and burn any format you like. For example see http://www.overclockers.co.uk/showproduct.php?prodid=CD-044-PO (not exactly known as a cheap supplier but this seems to be a common price for these drives. I have 4 of them - well actually the previous model - and they are fantastic).
Title: Re: I wanna hurt this guy!
Post by: f0dder on August 29, 2007, 05:46 AM
I "SPAMfighter-blocked" the spam mail (from the initial post in this thread), and then tried to send a mail from me to me. The first one was blocked by Outlook Express (OE), so I told OE to mark mails from me, and then I sent off another mail from me to me. This one went all through. But I will of course have to wait and see if "he" (the guy I wanna hurt) ever sends me another mail (from "me"), before I know if the trick has worked the way I am hoping.

Ummm, so after you blocked the spam mail and sent yourself a mail, that mail was blocked?

So, with this "community based" approach, won't that mean that everybody else using spamfighter will not be able to receive mails from you, only yourself since you explicitly allowed mails from yourself?
Title: Re: I wanna hurt this guy!
Post by: Curt on August 29, 2007, 09:33 AM
No, at least five persons have to block a mail before it is blocked in general. And then they may still receive it, but in the SPAMfighter folder, so they can accept it (or not) if they want to. You cannot block me from mail I want to receive.
Title: Re: I wanna hurt this guy!
Post by: Curt on August 29, 2007, 09:56 AM
@ Carol, Oh, I would really like to have a Pioneer drive... oh yes! However, the  DVD RW  that came with the machine half a year ago, is (was) of reasonable quality (though made in China). I guess I will save my money and go for a new duo/quad core PC.