Bombarded with false emails

Hi Guys,
I would appreciate some advice. I am starting to get hundreds of emails (I
use Outlook Express) a day, some from myself (or from my server address), and
loads from Russia, Romania etc., MAILER DELIVERY SYSTEM or MAILER-DAEMON.

It's driving me nuts. I have contacted my ISP and according to them all they
can do is report it to something like Spamcop. Is there anything I can do to
stop or reduce the spam (other than change my email address)?

Your help is appreciated

Bob



Re: Bombarded with false emails

On Sun, 11 Jan 2009 19:26:59 +0900, in alt.comp.anti-virus, "BH"

 ... Hi Guys,
 ... I would appreciate some advice. I am starting to get hundreds of emails (I
 ... use Outlook Express) a day, some from myself (or from my server address), and
 ... loads from Russia, Romania etc., MAILER DELIVERY SYSTEM or MAILER-DAEMON.
 ...
 ... It's driving me nuts. I have contacted my ISP and according to them all they
 ... can do is report it to something like Spamcop. Is there anything I can do to
 ... stop or reduce the spam (other than change my email address)?
 ...
 ... Your help is appreciated
 ...
 ... Bob
 ...

www.mailwasher.com


=====
It sounds much better in French, but then, everything does.

Re: Bombarded with false emails



get Gmail
--
Tommy



Re: Bombarded with false emails





P.S. and forward all your other email to Gmail
--
Tommy




Re: Bombarded with false emails


I strongly suggest a virus scan.

AVG             http://www.avg.com/
Avast           http://www.avast.com
On-line scan    http://housecall.trendmicro.com

Ben

Re: Bombarded with false emails




This -  AVG    http://www.avg.com/
would appear to be a link to software that you previously explained in a
post "How to Uninstall AVG8" was such a pain to get rid of ...
snip
 When I
uninstalled AVG8, I was surprised how many files it left behind in my
registry their uninstaller did not take out.

 


Re: Bombarded with false emails



BH wrote:
Your machine is probably infected.
Try the following two free programs.
MalwareByte's AntiMalware (MBAM)
SuperAntiSpyware (SAS)
Dl, install, update and then run them one at a time until the first one
doesn't find any more problems.
It usually helps to first delete your Temp Internet Files (TIF), delete any
cookies you don't need, delete your temp files, empty your Recycle Bin.
If it's clean try one of the suggestions from others, such as mailwasher.
Buffalo



Re: Bombarded with false emails

Buffalo wrote:

I don't think it's his machine, but somebody else's. His address has
been hijacked by a spammer. Could have been hi-jacked directly from his
machine, but just as likely to be hijacked from a friend's machine.


Good general advice, which I second, strongly.

--
Wolf Kirchmeir

Re: Bombarded with false emails



Wolf Kirchmeir wrote:
[snip]

Your observation is, most likely, more accurate.



Re: Bombarded with false emails

BH wrote:

Someone has hijacked your address, and the most likely source is a
friend's computer. It may even be that that friend's machine is a
zombie, mailing out or relaying those messages under the control of the
sources of the spam. There's nothing you can do to stop them.

So I'm afraid the only cure is to change your e-mail address. Too bad,
but that's the way it is.

FWIW, we had to change my wife's e-mail address when we began receiving
"bounced mail" messages. Someone was using her address to send hate-mail
of the usual racist kind. Other information within the messages helped
us guess that a) someone's computer was a zombie; and b) the likely
identity of the hi-jacked computer. We were right both ways. When
informed, our friend was horrified at what his computer was doing
unbeknownst to him, cleaned it up, and has become almost as
paranoid about security as I am. ;-) But the e-mail address was already
compromised, so we changed it.

HTH

--
Wolf Kirchmeir

Re: Bombarded with false emails

wolfkir@sympatico.ca says...

and that normally ends in about 2 weeks, so changing the email address,
if it's one that family/friends or customers know, is not always an
option.


--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Bombarded with false emails

BH wrote:


And this had what to do with anti-virus, the topic of this newsgroup?

Do you often send yourself e-mails?  If not, create a rule in your
unidentified e-mail client that checks if your e-mail address is in the
From header.  If so, mark it read and move to Junk or Trash folder, or
permanently delete it if your e-mail client has that option (but then
you won't be able to retrieve it if it was a false positive).  Spammers use
the recipient's own e-mail address as the sender's e-mail address
knowing that it is highly unlikely that users will add themselves to their
Blocked Senders list.  That is, users don't blacklist themselves so
spammers pretend the user sent themselves an e-mail.

Because you might send yourself test e-mails, or send a reminder to
yourself occasionally, put a passcode string in the Subject.  Use a rule
to whitelist any e-mail that has the passcode in the Subject.  Use some
oddball string that is not likely to appear in the Subject.  Can be
anything, like "##B.H@12##".  It doesn't have to be too long (4 to 6
alphanumeric chars along with non-alphanumeric characters).  The
whitelist rule is at the top of your rules list.  It merely checks if the
string is in the Subject and, if so, doesn't do anything with it (so it
remains in your Inbox) but you might want to colorize it.  When you send
test or reminder e-mails to yourself, just add the passcode to the
Subject to ensure it doesn't pass through the gauntlet of your other
anti-spam rules.  If you use this scheme, check if you can define
server-side filters in your e-mail account (i.e., use the webmail
interface to your account to add filters up on the server).  Check for
the passcode and, if present, leave in your Inbox.

Do you want to accept e-mails that are not addressed to you?  If not,
use a rule to check if your e-mail address is in the To or Cc headers.
If not listed, you junk or trash the e-mail.  Be aware that many bulk
mailers or listservers do not put your e-mail address in those headers
(they are NOT used to specify the recipient of an e-mail and are *data*
that the user's e-mail client puts inside the message).  So you need to
use a whitelisting rule at the top of your rules list for filtering in
any newsletters, forum messages, or other subscribed mailings to keep
those in your Inbox.  Also, anyone adding you to the Bcc field (for
which there is no Bcc header in their e-mail) means no recipient gets to
see to whom that e-mail was sent.  That means your e-mail address won't
be in the To or Cc headers when someone BCC'ed you.  Rather than junk or
delete an e-mail where your e-mail address is not in the To or Cc
headers, just colorize it to flag it as a suspect e-mail.  I move those
into the Junk folder but do NOT mark it as read which means I'll see the
Junk folder is bolded because there is an unread e-mail in there.  I use
auto-archiving on the Junk folder to permanently delete items that are
over a week old.  I have a week to visit the Junk folder to check for
false positives.  I'm more likely to check if the folder is bolded.  

You could configure your e-mail client to junk or trash all e-mails that
are not from known senders.  Add a whitelist rule (at the top of your
rules list) that checks if the sender is in your address book.  This
works best if you can define a rule that looks in your address book
rather than having to maintain a long list of e-mail address of senders
in the rule.  You filter-in the known good senders (those you added to
your address book).  The rest are either sent to the Junk or Trash
folders or they pass through a further gauntlet of anti-spam rules.  My
aunt doesn't use a local e-mail client but just the webmail interface to
her Hotmail account.  At one time, Hotmail's configuration of Brightmail
was too loose and lots of spam got into her Inbox.  So I told her of the
server-side option to make her account exclusive; that is, the only
e-mails that get into her Inbox are those from senders in her address
book.  The rest go into the junk folder.  She only occasionally visits the junk
folder to check for false positives, especially if she is expecting an
e-mail, like a confirmation e-mail to complete a site's registration
process.  The same can be achieved with a rule in your e-mail client.

Do you really care that your e-mail was undeliverable to someone you
sent it to?  What are you going to do about it if it is undeliverable?
Send them another e-mail which is also undeliverable?  Most times the
NDR (non-delivery report) e-mails aren't of much value.  In Outlook, the
rule would look like:

Apply this rule after the message arrives
with "report-type=delivery-status" in the message header
  and move it to the Junk folder (or wherever you want)
  and mark it as read
  and stop processing more rules

Legitimate NDRs will have this header.  Bogus ones written by a spammer
to pretend they are an NDR probably won't.  Usually the legit NDRs tell
you to where you sent an e-mail and a reason code of why it was not
deliverable but they don't include the original e-mail that you sent.
The bogus NDRs often carry an attachment pretending it was the e-mail
that you sent to lure you into opening it to see their spam.

You could use an anti-spam program, like SpamPal (free), which
incorporates DNSBLs (DNS blacklists, or blacklists of known spam
sources) to help filter out the spam.  SpamPal, unlike other anti-spam
programs, does not block the spam from getting to your e-mail client.
It merely tags the suspect e-mails and you decide what to do with them
by using a rule in your e-mail client.  SpamPal will add an X-SpamPal
header with values telling you that it was SPAM (and if so which
blacklist on which the source was found or what other add-on you
installed in SpamPal determined the e-mail was suspect).  If your e-mail
client cannot test on headers, SpamPal can add the "**SPAM**" tag to the
Subject header.  You configure your e-mail client to connect to SpamPal
which then connects to your POP mail server (IMAP is not supported).
You can also send your outbound e-mails through SpamPal to your SMTP
mail host but the only time that is helpful is when using their Bayesian
add-on to add the content of your "good" outbound e-mails to the
database (but I tend to think that skews the database for content that
you really don't need to include in filtering inbound e-mails).  SpamPal
does not support SSL connects so you cannot use it to, say, connect to
Gmail which demands SSL be used - but you can add sTunnel to SpamPal
(your POP client connects to SpamPal which connects to sTunnel which
makes the SSL connect to your e-mail provider).  

Products like Mailwasher are only used in their payware version.  Way
too much has been crippled in their free version plus the free version
only supports using it with just one e-mail account.  If you have more
than one e-mail account then the Mailwasher Free is of little value.
Even if you only have one e-mail account, Mailwasher Free only uses one
DNSBL whereas with SpamPal you can pick and choose amongst several (and
even add others not in their pre-defined list).  Another negative for
Mailwasher is that they do have a payware version (which is why they
have a crippled free version to lure you to buy their payware version)
yet they donate nothing to the blacklist(s) that they use.  You using
the blacklists for free is expected but someone that has a commercial
venture that utilizes these blacklists should be helping to fund them.

Some DNSBLs are too aggressive for my taste; for example, SPEWS (when it
existed and now in its UCE-Protect form) isn't useful for identifying
spam in personal e-mails but instead merely to indicate how spammy is a
domain so you should only use it when your e-mail client lets you score
an e-mail (i.e., if from a "bad" domain then you add/subtract to
the score for the e-mail to make it more likely it gets identified as
spam but being from a "bad" domain is not the only measure of whether an
e-mail is spam or not).  You don't use SPEWS, UCE-PROTECT, or similar
domain-ranking blacklists in an e-mail client that is black or white in
its decision on whether or not an e-mail is spam.  In SpamPal, I use
SpamHaus SBL+XBL (but note their PBL) and SpamCop.  The PBL blacklist
identifies if the source of an e-mail came from a dynamic IP addressed
host, like some user's host that is spewing e-mails using a mailer
trojan.  For e-mails that get routed within the same domain (i.e.,
e-mails between users of the same e-mail provider), it's possible the
sender's host IP address is identified and it will be a dynamic IP
address, so the result of using SpamHaus' PBL list (or their XEN list
which includes PBL) is that you could end up tagging as spam everyone's
e-mail using the same e-mail provider as yourself.  It depends on what
Received headers your e-mail provider adds to e-mails that are routed
within that e-mail provider's own domain or network.

By using the DNSBLs, like SpamCop, you and others reporting spam to them
along with their honeypots to catch spam will update their list of known
spam sources.  Unlike SPEWS/UCE-Protect, SpamHaus and SpamCop will
expire these sources after a few days because they are no longer valid
records (spam sources come and go, often within a day or two, or even
after just 4 hours) unless the spam source gets reported again in which
case it stays longer in their database.  So you can use a DNSBL to block
spam plus you can help report spam that hasn't been detected or reported
yet.  SpamCop also sends abuse reports to the sender's e-mail provider
but that isn't the point of SpamCop.  The reports only help the legit
non-spam friendly e-mail providers target their own users that are spam
sources and kill those accounts.  Most e-mail providers don't do much
with those reports and the spam-friendly providers will do nothing.  You
reporting the spam is mostly to get their blacklist updated (to
re-energize their record, if present, for the same spam source to keep
it listed longer or to add a new record).  SpamHaus finds most of the
spam and only occasionally does SpamCop detect one that SpamHaus did
not.

There are lots of anti-spam products out there.  Many, like SpamBayes,
just rely on Bayesian filtering (historical word weighting database)
which is a guessing scheme.  Lots of those seem to want to hide that
they are using a Bayes filter by vaguely describing the "intelligence"
in their scheme.  Microsoft spends a long paragraph evading coming right
out to say that Outlook 2003/2007 use a Bayes filter (which has poor
learning and cleanup, which is why they shove out a monthly update).
Presumably you already enabled the server-side anti-spam
filter provided by your e-mail service.
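
The header rules described in the post above, written out as one first-match-wins rule chain. This is an added example, not part of the original post or any e-mail client's own code; the address `bob@example.org`, the rule order and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

MY_ADDR = "bob@example.org"   # assumed mailbox address (constructed)
PASSCODE = "##B.H@12##"       # the example passcode string from the post

def addrs(msg, *headers):
    """Lower-cased addresses found in the named headers."""
    values = [v for h in headers for v in msg.get_all(h, [])]
    return {addr.lower() for _, addr in getaddresses(values)}

def classify(raw, me=MY_ADDR, passcode=PASSCODE):
    """Return (action, rule) for one raw message; first matching rule wins."""
    msg = message_from_string(raw)
    # Whitelist rule at the top: passcode in Subject keeps it in the Inbox.
    if passcode in msg.get("Subject", ""):
        return ("inbox", "passcode")
    # NDR rule: a real delivery status report is multipart/report with
    # report-type=delivery-status in its Content-Type header.
    report_type = str(msg.get_param("report-type") or "").lower()
    if msg.get_content_type() == "multipart/report" and report_type == "delivery-status":
        return ("junk", "ndr")
    # Own address in From: the spammer is posing as the recipient.
    if me.lower() in addrs(msg, "From"):
        return ("junk", "self-from")
    # Not named in To or Cc: could be Bcc or a list, so flag instead of delete.
    if me.lower() not in addrs(msg, "To", "Cc"):
        return ("flag", "not-addressed")
    return ("inbox", "default")

# Constructed sample messages (not taken from the thread).
SAMPLES = {
    "spoofed_self": "From: Bob <bob@example.org>\nTo: bob@example.org\n"
                    "Subject: Cheap pills\n\nbody\n",
    "reminder": "From: bob@example.org\nTo: bob@example.org\n"
                "Subject: ##B.H@12## dentist 3pm\n\nbody\n",
    "real_ndr": "From: MAILER-DAEMON@mail.example.net\nTo: bob@example.org\n"
                "Subject: Undelivered Mail Returned to Sender\n"
                "Content-Type: multipart/report; report-type=delivery-status;"
                ' boundary="b1"\n\n--b1\nContent-Type: text/plain\n\nfailed\n--b1--\n',
    "fake_ndr": "From: MAILER-DAEMON@host.example.com\nTo: bob@example.org\n"
                "Subject: Mail delivery failed\n\nsee attachment\n",
    "list_mail": "From: news@lists.example.com\nTo: members@lists.example.com\n"
                 "Subject: Weekly digest\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13} -> {classify(raw)}")
```

The `fake_ndr` sample has no report-type parameter, so the NDR rule does not match it and it is left for the remaining anti-spam filters, which is the gap the post points out for bogus NDRs.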

Re: Bombarded with false emails

VanguardLH wrote:

[etc]


Useful and clear. "Now why didn't I think of that..." ;-)

Thanks.

--
Wolf Kirchmeir

Re: Bombarded with false emails

Hi guys,
Thanks for all your help and advice. I'll give it all a go. Thanks a lot, it is
appreciated
Regards
Bob
