Honu-Hugger
Well-known
Good morning,
Has anyone suspected they are being spammed from this forum? This morning I received an e-mail from <Brain Sweeney [ikfkakdxekkrmu@australianmalls.com]> and the way my mail program is set up it came in initially as "Brain Sweeney," which is not to say that Brian is not worthy of the title "Brain," but that was too much of a coincidence to ignore. I know next to nothing about the inner workings of e-mail, computers, Spam, etc. but I am saving the message for a little while in case anyone here needs more information from it or can advise me. I am protected by two spam filters and a firewall and all is current and continually updated, for whatever that is worth.
Has anyone suspected they are being spammed from this forum? This morning I received an e-mail from <Brain Sweeney [ikfkakdxekkrmu@australianmalls.com]> and the way my mail program is set up it came in initially as "Brain Sweeney," which is not to say that Brian is not worthy of the title "Brain," but that was too much of a coincidence to ignore. I know next to nothing about the inner workings of e-mail, computers, Spam, etc. but I am saving the message for a little while in case anyone here needs more information from it or can advise me. I am protected by two spam filters and a firewall and all is current and continually updated, for whatever that is worth.
digitalox
RF Extraordinaire
maybe brian has a worm? I haven't seen any spam from here, but I have spam blockers on.
denishr
アナログ侘・&#
Doug, the spam mail is probably the result of e-mail and name "harvesters", which are getting more and more sophisticated.
One possible scenario is that someone unleashed such a "harvester" on RFF, collecting both NAMES and e-mail addresses, and using such a database to send spam to RFF members, who might open the mail thinking it came from someone on the RFF. Clever concept, you must admit....
I've found that the only way to fight spammers is to use throwaway e-mail accounts (e.g Gmail and other free email addresses) for public communication, like forums, mailing lists, etc., and NEVER, absolutely NEVER provide your "REAL" e-mail address in the open - i.e. in the text of your message. If you have to do it, at least try to mask is somehow, like this:
if your real email is doug @ mymail.com, you could write it as dougREMOVE_ME {at} mymailREMOVE dot com.
Not much help with more sophisticated harvesters, but at least it will give them something to work on.
Of course, spam filtering is essential...
Denis
One possible scenario is that someone unleashed such a "harvester" on RFF, collecting both NAMES and e-mail addresses, and using such a database to send spam to RFF members, who might open the mail thinking it came from someone on the RFF. Clever concept, you must admit....
I've found that the only way to fight spammers is to use throwaway e-mail accounts (e.g Gmail and other free email addresses) for public communication, like forums, mailing lists, etc., and NEVER, absolutely NEVER provide your "REAL" e-mail address in the open - i.e. in the text of your message. If you have to do it, at least try to mask is somehow, like this:
if your real email is doug @ mymail.com, you could write it as dougREMOVE_ME {at} mymailREMOVE dot com.
Not much help with more sophisticated harvesters, but at least it will give them something to work on.
Of course, spam filtering is essential...
Denis
Last edited:
Honu-Hugger
Well-known
Thanks for the tips, Denis. That is just the kind of stuff I don't know and appreciate the information. Whether this is true or not, I've been told not to open any mail that I am not sure of. When I saw the misspelling of Brian's name I did not open it -- am I at all vulnerable even having it in my "delete" file? I have McAffee firewall and spam filter plus the spam filter from my ISP...but I just don't know enough about how all of this works.
denishr
アナログ侘・&#
/rant mode ON
For all those using Windows XP, another particularly useful and recomended measure is to have a firewal (ZoneAlarm comes to mind), since attacks on WIn XP systems are mostly done through other channels, not primarily by e-mail. So, if you have only antivirus software and e-mail scanner, you're still very much exposed. The only thing that helps is a third-party firewall. As you might guess, I don't trust M$ in this regards (Win XP does have a firewall, kind of, but I would't trust it).
Arrival of the Win XP, which is (deliberately?) wide open for Internet attacks was one of the reasons why I switched to Linux.
I refuse, under ANY circumstances, to connect to Internet using Win XP, even with a firewall and all the extra stuff.
/rant mode OFF
There....
Denis
For all those using Windows XP, another particularly useful and recomended measure is to have a firewal (ZoneAlarm comes to mind), since attacks on WIn XP systems are mostly done through other channels, not primarily by e-mail. So, if you have only antivirus software and e-mail scanner, you're still very much exposed. The only thing that helps is a third-party firewall. As you might guess, I don't trust M$ in this regards (Win XP does have a firewall, kind of, but I would't trust it).
Arrival of the Win XP, which is (deliberately?) wide open for Internet attacks was one of the reasons why I switched to Linux.
I refuse, under ANY circumstances, to connect to Internet using Win XP, even with a firewall and all the extra stuff.
/rant mode OFF
There....
Denis
peter_n
Veteran
I would second the recommendation for Zone Alarm as a software firewall. When you first install it you have to "teach" it what your trusted programs/domains are but it does seem to work pretty well. The free version is all you need. I recently installed a wireless router on our internet connection in the house and that comes with a hardware firewall but I keep Zone Alarm going anyway.
I use the same strategy as Denis - "throwaway" email addresses, generally using my company as a domain. To repeat his advice, never place your email address on a web page as a text string i.e. myname@mydomain.com, you are just asking for trouble. If you absolutely need to have a contact address on a page, that can be done two ways. If you use software like PHP or ColdFusion define the components of an email address as variables then echo those variables in the correct order in the page. The second method is to use decimal values for the characters in an email hyperlink. The link below is a simple generator for the second method:
Advanced Email Link Generator with Anti-Spam Encoder
I use the same strategy as Denis - "throwaway" email addresses, generally using my company as a domain. To repeat his advice, never place your email address on a web page as a text string i.e. myname@mydomain.com, you are just asking for trouble. If you absolutely need to have a contact address on a page, that can be done two ways. If you use software like PHP or ColdFusion define the components of an email address as variables then echo those variables in the correct order in the page. The second method is to use decimal values for the characters in an email hyperlink. The link below is a simple generator for the second method:
Advanced Email Link Generator with Anti-Spam Encoder
Pherdinand
the snow must go on
I never received spam that i could relate to RFF. Can't say the same about photo.net, as example.
I receive approx. 30-40 spam mail onto my work address and 5-10 more onto my private mail account (the one used for RFF). Daily.
I also run regularly two anti-ad anti-spyware programs on my computer; and have virus scanner/shield always on, auto updated.
I receive approx. 30-40 spam mail onto my work address and 5-10 more onto my private mail account (the one used for RFF). Daily.
I also run regularly two anti-ad anti-spyware programs on my computer; and have virus scanner/shield always on, auto updated.
Pherdinand
the snow must go on
Oh, i use XP...
GeneW
Veteran
As an old Internet'er (I started on the Internet in 1978, long long before the World Wide Web) I don't get my knickers in a knot about spam. It's there, it's unpleasant but you can filter out most of it.
I totally disagree with using throwaway email addresses. And my email address is all over my website and has been harvested many many times. So what? The point is, my friends and colleagues know how to contact me. Folks who visit my website know how to contact me. They don't have to chase a trail of discarded addresses.
And btw, Linux is no guard against email spam. It really doesn't matter which operating system you use, you'll get spammed.
Viruses, now, are another matter. Many viruses are now email based and spread via email, so one of the first safety rules is don't open email that looks suspicious. Never open an attachment unless you were expecting it.
In the area of viruses, Windows operating systems are more vulnerable than Macs or Unix (though they're not immune). Two things Windows users can do to reduce their risk is to not use Internet Explorer and to not use Outlook Express. The Mozilla project's Firefox (browser) and Thunderbird (email) are generally safer (though again, not immune) -- http://www.mozilla.org
Keeping up with Windows security patches is important. Keeping up with Linux security patches is also important! LOL
Windows antivirus software is essential, and it too needs to be kept up to date.
But basically I don't let spam interfere with my enjoyment of the Internet, no matter how many ads for viagra get through the filters ...
Gene
I totally disagree with using throwaway email addresses. And my email address is all over my website and has been harvested many many times. So what? The point is, my friends and colleagues know how to contact me. Folks who visit my website know how to contact me. They don't have to chase a trail of discarded addresses.
And btw, Linux is no guard against email spam. It really doesn't matter which operating system you use, you'll get spammed.
Viruses, now, are another matter. Many viruses are now email based and spread via email, so one of the first safety rules is don't open email that looks suspicious. Never open an attachment unless you were expecting it.
In the area of viruses, Windows operating systems are more vulnerable than Macs or Unix (though they're not immune). Two things Windows users can do to reduce their risk is to not use Internet Explorer and to not use Outlook Express. The Mozilla project's Firefox (browser) and Thunderbird (email) are generally safer (though again, not immune) -- http://www.mozilla.org
Keeping up with Windows security patches is important. Keeping up with Linux security patches is also important! LOL
Windows antivirus software is essential, and it too needs to be kept up to date.
But basically I don't let spam interfere with my enjoyment of the Internet, no matter how many ads for viagra get through the filters ...
Gene
Last edited:
Honu-Hugger
Well-known
I take what comes through my filters in stride, as well, and never give spam much thought. However, this morning to see an e-mail from "Brain Sweeney" (sic) was just a little too ironic; it made me wonder how they would come up with that? To the best of my knowledge Brian and I have only communicated through the forum and the forum PM, never via e-mail....I'm disturbingly impressed by the sophistication of the technology!
The email addresses at RFF are private. Meaning that even members cannot see eachothers email unless I make them visible in your profile. And I wont do that. Every now and then people send alias emails as if thety come from someone else. But most filters can pick that up.
I just saw the thread; I certainly get a lot of mail addressed to "Brain Sweeney", but no Email! Sounds like someone is a poor typist and spoofer. An automated program would not make that spelling mistake, nor would any database have that spelling mistake. SMTP just does not correct for bad spelling when forwarding EMail. Have you examined the raw headers for the message routing? The Email in the RFF database is correct, no typos; so they did not harvest it from here.
Forward the Email to me with headers, I would be interested in reading it through. Should cut and paste into a PM.
Forward the Email to me with headers, I would be interested in reading it through. Should cut and paste into a PM.