I got the following in return from him. Anybody got any ideas? Sure would appreciate the help.
>From: Jim or Rhonda Andersen
>Date: Fri Jun 09 10:05:52 CDT 2006
Interesting article, Bruce. Thanks.
What I’m concerned about right now is why I keep sending out spam, trying to sell others stock in strange companies.
I learned I was doing this, about a week ago, when I started getting emails returned from postmasters saying the address I sent my email to was invalid. Below the notification, or attached to the email, is a copy of the spam I sent, showing my address, JamesAndersen@earthlink.nett, listed as the sender, except I never use the capital J and A. My name, regardless, is being besmirched.
There is no way to stop it with the current email system. Anybody can send an email and put whatever email address they want in the From and/or sender field. In his case, the email address is a very easy one for a spammer to make up. Common first and last name at a large ISP.
There is something called SPF (Sender Policy Framework) with which one can designate that email from a certain domain name can only be sent via certain servers (i.e. all email from gilby.com is sent through an X.gilby.com server). This won't prevent the bounces, as not every ISP will use it and reject the email transmission. It can be used to filter mail and block some spam, because if I get an email from a domain that uses SPF, I can verify whether the email came through a qualified server.
Anyone can send email with any name or email address as the from address. There is no simple way to validate senders are who they say they are.
What is likely happening is that someone he knows has a worm/virus/trojan/badware on their computer that has turned their computer into a spam center. The computer is busy sending out spam for some third party. It is grabbing email addresses from the victim’s address book and using those addresses as the From address and To address for spam. That makes it look like the spam is coming from someone the person likely knows (since people in an address book likely know each other to some degree).
So someone the person knows (or someone who has his address in their address book) has an infected computer that is acting as a spam zombie. It is probably someone who entered his email address with a capital J and A in their address book. That may narrow it down to who it could possibly be.
He should do a full scan of his computer with an anti-virus program and an anti-spyware program just to be sure that it isn’t his computer. Then ask his friends who may have him in their address books to do the same. Trend Micro has a free online virus scanner that would do the job. There are also free (for home use) anti-virus programs from Avast! and AVG. Ad-Aware can be used to scan for known spyware.
It is also possible that this is just a dictionary attack on Earthlink email addresses. His email address is plain enough (just a first name and last name) that it could easily be generated in a dictionary attack that tries random first names with random last names and just sends an email to/from that random address. That is one reason why it can be better to have an email address with some numbers or additional letters in it, so it is less likely to get guessed in a dictionary attack (something like FirstnameLastname4242@example.com instead of FirstnameLastname@example.com).
…but if every ISP (and the like) would spend a little time to keep DNS administration up to date, it would make a drastic decrease.
However, there are very few ISPs (or the like) willing to spend some time to prevent ijacking (ID jacking) of their users (plus prevent other internet users receiving spam). While, besides time, it’s not costing anything.
DomainKeys:
Or DomainKeys that came from the Yahoo Lab…
A kind of invisible weaker version of PGP for dummies, and SPF combined.
So again: there are very few ISPs (or the like) willing to spend some time to prevent ijacking (ID jacking) of their users (plus prevent other internet users receiving spam). While, besides time, it’s not costing anything.
PGP:
As an end-user you could use PGP to sign mail with your key.
It will require a cert that needs to be broadcast by keyservers, like mine.
However, end-users like it the easy way, and are not willing to invest just time to prevent ijacking (ID jacking) of their own ID (and prevent other internet users receiving spam). While, besides time, it’s not costing anything.
SSL certs:
Then there is the Free SSL certs, that you can use in Outlook.
Like here. I used to have a (free) Verisign certificate (but hardly ever use Outlook).
But how often did you get an SSL-signed e-mail?
So again: end-users like it the easy way, and are not willing to invest just time to prevent ijacking (ID jacking) of their own ID (and prevent other internet users receiving spam). While, besides time, it’s not costing anything.
Hey Yoopers, I remember this thread you (also) started, in which I (also) replied.
Watching that date, it seems your suffering is having its anniversary soon.
Wow that’s a lot. Rob Cockerham wrote up a review for the Cloudmark’s anti-spam software and apparently it works extremely well. It isn’t free but it’s cheap so if you’re getting that much I’d say it worth it. http://cockeyed.com/citizen/products/awesome4.shtml
The problem with SPF is that not everyone is sending mail through their email provider’s SMTP servers. Some ISPs route all traffic to port 25 (the port used for SMTP) through their own servers, so if someone has their own domain hosted elsewhere, the SPF would not work.
However, I put that in there, but my ISP doesn’t have SPF set up; further, I do not access the internet via the same ISP all the time. When I went to California, I accessed the net through a different ISP. When I am on the road or just somewhere else, I access the ’net through the global “linksys” wireless network, as you may know.
On unicyclist.com, I offer free email, but I do not allow SMTP access and instead tell users to use their own ISP’s SMTP servers, which would not be feasible to implement SPF on.
PLEASE tell me you are exaggerating – that what you really mean is “a ridiculously huge amount”.
I will be creating a web site to sell Palm software (once I finish developing my first product). Spam is already a big issue for me because I get over 200 spams per day. I got a few days behind and just had to clear out about 1200 spams from my inbox. When my product web site goes up I expect to get spammed into oblivion – but I cannot afford to miss a single email from a customer. Spam filtering software has false positives. But manually wading through mountains of spam every day is error-prone too (not to mention mind-numbing and infuriating).
Do you really get that much spam? What do you do about it? Thanks for any tips or experience you can share.
# simply use their SMTP server IP in your record
# (end every record with -all, or ~all while testing: without an "all" term an
# unlisted server gets a neutral result, which rejects nothing):
unicyclist.com IN TXT "v=spf1 ip4:212.204.226.111 -all"
# Or (as ISPs often won't bother spending time to notify IP changes), name the host:
unicyclist.com IN TXT "v=spf1 a:smtp.isp.com -all"
# but never rely on PTR records
# place multiple entries:
unicyclist.com IN TXT "v=spf1 a:smtp.isp-ca.com a:smtp.isp-mn.com -all"
# or a range:
unicyclist.com IN TXT "v=spf1 ip4:212.204.226.111/29 -all"
Multiple options:
Create an interface where users can announce the SMTP service they use.
Which requires knowledge at the end-user PLUS some administration at changes. Both are not very likely.
Don’t allow foreign SMTP servers to be used, but tell your users to only use the web interface.
User-friendliness and security often conflict.
Start offering mail accounts that include SMTP on a commercial basis.
So end-users can have smtp.unicyclist.com, and the time you spend on it is being paid for.
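As an added illustration (not code from anyone in this thread), a small Python evaluator for SPF records like the ones above: it handles the ip4, a and all mechanisms, uses a constructed DNS table in place of real lookups, and shows that a record with no trailing "all" term only yields neutral for an unlisted server. The host names and IPs in the table are made up.

```python
import ipaddress

# Constructed stand-in for DNS A lookups (not real hosts or addresses).
FAKE_DNS_A = {
    "smtp.isp-ca.com": ["198.51.100.10"],
    "smtp.isp-mn.com": ["203.0.113.25"],
}

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record: str, sender_ip: str, dns_a=FAKE_DNS_A) -> str:
    """Evaluate one v=spf1 record against the connecting IP.

    Returns "pass", "fail", "softfail" or "neutral".  Only the ip4, a and all
    mechanisms used in the thread are supported; include/mx/exists/redirect
    raise ValueError so a record relying on them is never silently passed.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    ip = ipaddress.ip_address(sender_ip)

    for term in terms[1:]:
        qualifier = "+"                      # mechanisms default to "+"
        if term[0] in RESULT_FOR_QUALIFIER:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()

        if name == "all":
            return RESULT_FOR_QUALIFIER[qualifier]
        if name == "ip4":
            # arg is a single address or a CIDR range such as 212.204.226.111/29;
            # strict=False accepts a host address as the range anchor
            if ip in ipaddress.ip_network(arg, strict=False):
                return RESULT_FOR_QUALIFIER[qualifier]
        elif name == "a":
            # the thread's records always give an explicit host after "a:"
            if any(ip == ipaddress.ip_address(a) for a in dns_a.get(arg, [])):
                return RESULT_FOR_QUALIFIER[qualifier]
        else:
            raise ValueError(f"unsupported mechanism: {name}")

    # No mechanism matched and no "all" term: the default result is neutral,
    # which is why a record without -all / ~all blocks nothing.
    return "neutral"
```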
We actually get more than that, but I don’t know how much more because they are deleted automatically. I had forgotten that was what we get after the first line of defence which is the ISP’s spam filter set to aggressive.
We actually get only a controllable amount of spam in our inbox. Here is some of how we deal with it.
At an ISP level we have our emails set up so we have specific accounts for the email addresses that we pick up. Well, actually we don’t; we actually pick up from a totally unknown user name and we redirect to that user from all the email addresses that we use. The reason for this is that we can stop or change the redirect at any time. This account has only moderate spam filtering. We then have a catch-all account which we filter aggressively, and delete confirmed spam on the server before we pick up.
We then have our own IMAP server in the office that we all pick our mail up from. It picks up each of our personal mailboxes, the catch-all and also a group email address. We use Thunderbird with its spam filter running and educated to filter the mail. We do this on one machine only, which runs 24/7. Thunderbird tags and moves the spam into spam folders which are checked once a day. It is worth pointing out that I have not found any non-spam in these folders for a good few months.
Our inbox gets probably about 200 false positives a day, I guess. Certainly something that you can cope with. Although I have been known to accidentally delete people’s emails… sorry.
Protection against getting spam from your webpages… If you can, use webforms for responses that do not show email addresses. We don’t, but that is our policy, as we want to be as open as possible about who we are, so we do publish them. Although we do try and hide them as much as we can. Check out our home page source code.
The most effective method to prevent spam that I’ve found is to use greylisting. This essentially means that the mail server will say to the sending server to try again later if the server has never been sent email from that domain. Since most spam comes from zombie computers that have viruses on them, the greylisting works as these spam zombies will not try again later to send the email, whereas regular mail servers will. The problem with greylisting is that it can delay mail. I have my server set to delay it one hour, but I combine greylisting with spamassassin which scores the email to rank how spammy it is. If it scores 2 points or more, I greylist it, otherwise it is received right away.
Nowadays you do not want to use a catch-all for your domain. I used to use that and eventually a spammer used a username dictionary and sent tons of spam to it and put the working email addresses in a database that got sold. Since it was a catch-all, all emails worked. Now I use a system where I can append a dash and a name when I fill in forms. So if I fill out a form on a website, I’d use username-example.com@gilby.com for the email address.
On my websites, I create an email address to display and every once in a while I cancel that email address and use a different one. For example, on my TinyURL.com website, I used to use info@tinyurl.com, but I cancelled that email address and now have mail@tinyurl.com. If the mail@ one gets too much spam, I’ll change it to something else. You could also create email addresses dynamically, based on the visitor’s IP address and cancel those that end up in spammer’s databases.
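To make the greylist-plus-score policy described above concrete, here is an added Python simulation (not the poster's own setup): mail scoring under 2 is accepted at once, anything at or above it is deferred with a 450 until the same client/sender/recipient triplet retries after one hour, and a zombie that never retries never gets through. The timestamps, addresses and scores are constructed.

```python
from datetime import datetime, timedelta

GREYLIST_DELAY = timedelta(hours=1)   # the delay used in the thread
SCORE_THRESHOLD = 2.0                 # greylist only mail scoring >= this


class Greylist:
    """In-memory greylist keyed on the (client IP, MAIL FROM, RCPT TO) triplet.

    A real MTA would persist this table and expire stale entries; that is
    omitted here so the policy itself stays visible.
    """

    def __init__(self, delay=GREYLIST_DELAY, threshold=SCORE_THRESHOLD):
        self.delay = delay
        self.threshold = threshold
        self.first_seen = {}              # triplet -> time of first attempt

    def decide(self, client_ip, mail_from, rcpt_to, spam_score, now):
        """Return ("accept", reason) or ("tempfail", smtp_reply)."""
        if spam_score < self.threshold:
            # Low-scoring mail skips greylisting so legitimate mail is not delayed.
            return ("accept", "score below threshold, not greylisted")
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        seen = self.first_seen.get(key)
        if seen is None:
            self.first_seen[key] = now
            return ("tempfail", "450 4.7.1 greylisted, try again later")
        if now - seen < self.delay:
            return ("tempfail", "450 4.7.1 greylisted, try again later")
        return ("accept", "retried after delay, triplet now known")


def simulate():
    """Run three constructed senders through the policy; returns the verdicts."""
    gl = Greylist()
    t0 = datetime(2006, 6, 9, 10, 0, 0)          # constructed clock
    rcpt = "rob@example.com"
    outcomes = []
    # 1. a list message scoring 0.5: delivered without any delay
    outcomes.append(gl.decide("198.51.100.7", "news@example.org", rcpt, 0.5, t0)[0])
    # 2. spam zombie: high score, one delivery attempt, never retries
    outcomes.append(gl.decide("203.0.113.9", "random@example.net", rcpt, 7.3, t0)[0])
    # 3. real MTA with a marginal score: deferred, retries too early, then succeeds
    for minutes in (0, 30, 65):
        t = t0 + timedelta(minutes=minutes)
        outcomes.append(gl.decide("192.0.2.5", "alice@example.org", rcpt, 2.4, t)[0])
    return outcomes
```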
Yes, that’s supposed to be a pretty good spam filter. As its backend it uses the razor2 database. I use that database in my spamassassin implementation.
I used to use that on my Windows machine with Outlook. It worked well, but I still had to “hand-filter” all incoming email on my local machine. My current solution seems to work even better. OnlyMyEmail filters my mail on their servers, and only sends me the ones that go through. Everything suspected as spam stays on their server, and I get a daily report listing all the “caught” mail. I’m up to around 220 a day currently. This service costs $3 per month, which I consider well worth it for the reduction in hassle.
For the first few months I read my daily spam reports carefully, and picked out the occasional false-positive. Then I went for many months without receiving a single one. It works! And that’s a lot, as I get random emails from around the world with unicycling questions. Their system also makes it easy to mark the occasional message that does get through (less than one a day) as spam with two clicks, adding it to a ranking on their system (similar to Cloudmark).
If you’re on a Microsoft Exchange server, the best product I’ve ever seen is called Red Condor. Zero false-positives. We used it at my company. But it’s only for Exchange servers, I think.
Recently, I got a bunch of email from people complaining about spam they’d received from me. Except it wasn’t from me. I got a few of the people to send me a copy of the offending spam. It had some sort of ad message at the top, but then was filled with random samplings of old emails or newsgroup posts that had been picked up from the Internet. In this case, an RSU post about MUni Weekend from two years ago, including a link to a page on my web site. That’s how they tracked me down. Dammit, now even posting links to your own web site can get you in trouble!