I'm getting these mails to address's on my site, the headers are as so:
Quote:
Return-path: <abcd8037g50@yahoo.com>
Delivery-date: Fri, 26 Jul 2002 16:53:52 +0100
Received: from [211.185.156.157] (helo=yahoo.com)
by hespera.uk.clara.net with smtp (Exim 3.36 #4)
id 17Y7PZ-000EQF-00; Fri, 26 Jul 2002 16:53:51 +0100
Received: from unknown (18.131.200.63)
by rly-xw01.otpalo.com with NNFMP; Fri, 26 Jul 0102 22:53:42 -1100
Received: from unknown (HELO asy100.as122.sol-superunderline.com) (151.132.15.209)
by pet.vosni.net with QMQP; Fri, 26 Jul 0102 11:43:55 +1100
Received: from 13.90.124.66 ([13.90.124.66]) by rly-xw05.oxyeli.com with SMTP; Fri, 26 Jul 0102 22:34:08 -0700
Reply-To: <abcd8037g50@yahoo.com>
Message-ID: <003a88c35c3d$6137e2e6$3dd75eb6@udsqiu>
From: <abcd8037g50@yahoo.com>
To: <alex@robotguru.com>,
<links@robotguru.com>
Subject: I saw your email
Date: Fri, 26 Jul 0102 12:39:20 +0300
MiME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Internet Mail Service (5.5.2650.21)
Importance: Normal
X-RBL-Warning: (relays.osirusoft.com) (2002/07/22) Open Proxy: http(80)
X-RBL-Warning: (bl.spamcop.net) Blocked - see http://spamcop.net/bl.shtml?211.185.156.157
X-Envelope-To: alex@robotguru.com
X-claradeliver-Version: 4.14.8
X-UIDL: 1027698833.55618.hespera.uk.clara.net
X-RCPT: alex
Status: U
I've tried to track the IP but got no result, not sure how to read these headers either
__________________
[+] Computer/PC issues [+] Silverpaw3D
------------------------------------------------ Never buy a dwarf with learning disabilities...
The idea is that spambots will follow the link looking for more email addresses. When it visits my email page, it will get all the email it wants - maybe more! The spammer will then use these emails, but then be flodded with "cannot deliver" returns.
Quiet Storm's method is not recommended, and really doesn't do anything these days, clogging a list no longer renders the list unusable...if you are serious, then you need to block spammers from harvesting your site, but then again, your Domain Registration information is always available for sale (whether you like it or not), so you are going to also get spammed from that.
Anyways...
211.185.156.157 is an Asian Pacific network block, which means this is definitely knowing US-law violating spam (if it comes from APRNIC or KRNIC, you've got one of the most common spamming methods hitting you). It also means you probably won't be able to nail them, because ARPNIC is a system-wide handler for thousands of IPs, and they usually do not investigate complaints you send them well enough for them to figure out who did the spamming down the line and send the complaint on...they're just coordinators. They're bouncing it off ghosts and dummy accounts from textile manufacturers (probably), and you're basically toast.
You need to protect your email addresses. For example, shadowstorm has an automated system I wrote that handles my dummy email addresses. I have thousands of aliases, each one unique to a service I sign up with, so that if I get spam on an address, I know I gave that address to whatever company and whatever company only...thus I know who's selling me and I can kill that email address and never hear from them again. You can also use places like hotmail for catchalls.
Also, as I said, consider protecting your site from harvesters, but remember that if you are the site owner and registered domain owner, your information is not considered private and is sold almost daily by internet registrars.
I have reduced my spam by 90% by simply adding *@yahoo.com
to my blocked senders list.
I have never ever received an email originating from yahoo.com which was not spam. If everyone followed this plan yahoo would soon be forced to clean up its system.
I also use Mailwasher to filter out unwanted stuff, and provide another layer of protection against viruses, Nigerian scams, mortgage offers and other malicious or unwanted mail.
I use Hotmail's "Exclusive" Junk mail Filter. That works really great. Only addresses in my Address Book or Safe List are allowed in my Inbox. The rest go to my Junk mail folder where I can just empty it at a click of a button. There's also a "This is not Junk Mail" button to automatically add it to the Safe List. Possibly the best anti-spam feature on the web!
Concerning the IP address 211.185.156.157, this isn't the originating address. The last "Received" header in the list shows the originating IP (unless the headers have been faked), which is 13.90.124.66 - registered to Xerox...
Xerox Palo Alto Research Center (NET-XEROX-NET)
3333 Coyote Hill Road
Palo Alto, CA 94304
US
Record last updated on 17-Dec-2001.
Database last updated on 27-Jul-2002 17:42:00 EDT.
Feyd, long time no view-text (I was Christopher Pike in the 'OLD' forum)...
...not sure what you mean about "clogging a list no longer renders the list unusable...". However, if a spammer gets a flood of bounces from non-existant addresses it's wasting the spammers time, and if they pass the list on then at least it's wasting other spammers time. The more fake addresses that get passed around on lists, the less spam people will get (unless the spammers increase their output to compensate). It may not stop you getting spam, but anything that makes spammers have to work harder is good.
I agree that you do need to protect your e-mail addresses. When signing up for something I use a hotmail account, and I never (at least not any more, as far as I'm in control of) allow my e-mail address to be displayed on any Webpages.
Recently I've been getting email which spoofs my address in the header. Example:
Quote:
From popserve Sat Jul 27 04:20:33 2002
Return-Path: <wsthune@iastate.edu>
Received: from mailin-2.iastate.edu (mailin-2.iastate.edu [129.186.140.12])
by pop-2.iastate.edu (8.12.0/8.12.0) with SMTP id g6R9KXDg004872
for <wsthune@iastate.edu>; Sat, 27 Jul 2002 04:20:33 -0500
Received: from ol220-85.fibertel.com.ar(24.232.85.220) by mailin-2.iastate.edu via csmap
id 20740; Sat, 27 Jul 2002 04:17:09 -0500 (CDT)
From: wsthune@iastate.edu
Message-Id: <0JN3VE9YH.8BGXWP6.wsthune@iastate.edu>
Date: Sat, 27 Jul 2002 05:17:44 -0500
MIME-Version: 1.0
Reply-To: wsthune@iastate.edu
Received: from iastate.edu by BO9AH.iastate.edu with SMTP for wsthune@iastate.edu; Sat, 27 Jul 2002 05:17:44 -0500
To: wsthune@iastate.edu
X-Encoding: MIME
X-Priority: 3 (Normal)
Content-Type: multipart/alternative; boundary="----=_NextPart_794_37834352240333
1607188132452134"
Content-Transfer-Encoding: Quoted-Printable
X-Sender: wsthune@iastate.edu
Subject: You're Paying Too Much
Okay, not too hard to find the originating IP. What really gets me is this little paragraph at the end:
Quote:
This email was sent to you via Saf-E Mail Systems. Your email address was automatically inserted into the To and From addresses to eliminate undeliverables which waste bandwidth and cause internet congestion. Your email or webserver IS NOT being used for the sending of this mail. No-one else is receiving emails from your address. You may utilize the removal link below if you do not wish to receive this mailing.
What a crock. Seems to me nothing more than a scheme to get around spam filters.
Speaking of spam, a few weeks ago a got a barrage of some pretty strange ones. Each one very similar in that they (essentially) wanted me to transfer 'large' amounts of money to my account to hold it for them . However, they all came from different people...very suspicious and I don't know what to make of them. I have gotten them at 2 different accounts. Here's one of them exactly as I received it. I would normally delete names and phone numbers, but in this case I don't see what it could hurt to leave them intact. Anyone know what to make of this one or received any similar messages?
I am Moustapha Abacha, the second surviving son of the late General Sani Abacha.
We hereby acknowledge the receipt of your mail to my mother with thanks,
May Allah reward you greatly for your decision to assist us
in this mutually beneficial transaction;
My mother has insisted that I deal with you directly at this crucial
stage in this issue rather than the family lawyer.
As my mother has rightly informed you,we are seriously in distress
as all our saved money abroad totaling over Us$700M has been
confiscated by the Nigerian government.
If you have been following my family's profile in the news lately,
you would have read all this things up.
I wish to inform you at this time that my mother will be reaching you Based on the fact that she would really want to establish a
relationship based on mutual trust and understanding.
So many people have disappointed us home and abroad, even people who benefited from my fathers regime have all bitten the finger that once fed them, that is why we had to throw caution to the wind and trust you a stranger who we had never met all our lives.
Dear Friend, as much as we recognize that a lot of wonders happen these days, you do not have to doubt the authenticity of my mothers mail to you, because we are really oppressed, and we need the assistance of a God fearing person and a good natured man like you to help us clear our funds from a security company, and bank it up for us while we make arrangements to travel and join you up once the surveillance on us is reduced.
For security purposes, I shall be coordinating the Business
transaction as tight security is presently placed on my mother, we cannot afford to Lose the only remaining US$40.30 Million, of all that my fatherleft for us. At the moment, the funds are in a security company and were deposited As African Artworks in some luggage. As soon as we are sure that we can trust you,we shall go ahead to send you the Certificate of deposit and the
luggage numbers and security code numbers.
For the purpose of security and confidentiality, I would require that You and I proceed with this business with telephone and fax
communication, as I would not want to discuss this transaction on The Internet for
security reasons.
So I would suggest that we conduct this business through telephone and fax communication, while my mother will be reaching you via e-mail as security agents bug her telephone line.
As, as soon as I hear from you through my Satellite Telephone numbers and email Address as above, I shall furnish you with the whole details of how to Finalize the transaction and other information you might require or other things you might need to know and also you should be rest assured that this transaction is 100% risk free and success guaranteed.
There are documents backing the legitimacy of this transaction that will convince your bank or any other bank that might doubt the authenticity of these funds.
Also I will send you more information and other information you might require via fax immediately I hear from you on my telephone.
I look forward to your urgent response, as my mother and the rest of the immediate family genuinely need your help.
Truly Yours,
MOUSTAPHA ABACHA.
Just to be clear on this, I DID NOT make any contact with him or his mother...lol. This is the first I've heard of him or anything about his 'matter' .
Edit: On afterthought, I decided to remove the last 3 digits in the phone number, just to be consistant with privacy issues .
__________________
boxer_1
CodingForums Moderator
"How did a fool and his money get together in the first place?"
Originally posted by Pikeus boxer_1, those e-mail scams are everywhere now, I read somewhere recently that quite a few people have been sucked in too.
Hey Chris...good to see (read) you again and thanks for the info . I guess I've just been fortunate enough not to have received those spam scams until recently. I can see how it would be easy enough for some people to get sucked into those scams, especially people who are relatively new to the wonderful world of the internet/email and are not yet aware how full of scam oriented people are out there. It's quite pathetic actually .
__________________
boxer_1
CodingForums Moderator
"How did a fool and his money get together in the first place?"
Originally posted by Graeme Hackston I'm obviously missing something as no one has suggested this. What about using document.write to piece together email address on the fly?
That is a fairly common practice and works well to prvent your email from being harvested from your source code:
Too bad there are so many other ways to get a hold of your email address. Never reply to the 'Click here to unsubscribe' trick. That just lets the spammers know that they've hit a valid email address .
__________________
boxer_1
CodingForums Moderator
"How did a fool and his money get together in the first place?"
I use the JavaScript method of breaking up my e-mail address, but I mainly use a mailform at my site, that way only people that go out of their way can e-mail you. Even most of the spammers Websites will have one.
This is my favorite footer to a spam... because we don't want "junk mail" we're hurting the economy and our children!!!
This e-mail is NOT spam! If you received this email, you were on a permission based list. This e-mail was sent by Dialcentric Inc. 3A Professional Park Dr. Maryville IL 62062 phone: 618-288-6661. We are dedicated to saving the global economy by helping small companies with cost effective advertising. If you attempt to stop bulk email, you are damaging the economy and threatening our children's future. To be taken off ALL of our list Click Here
__________________ -WebMark Art
Programming is 80% thinking and 20% spelling
Boxer_1 - You have received one of the many Nigerian Scam emails. I have received upwards of 60 this year alone, often two on the same day.
I am told that a lot of people have fallen for this trick, and the originators make hundreds of thousands of dollars a year. I have to say that I find this rather hard to believe. Is any one really dim enough to believe that someone wants to pay him (and only him) $X million dollars to use his bank account for a crooked enterprise? Or that lots of guys in Africa all want to do the same??
I know that you can only fool some of the people all the time. These are the ones that the Nigerians try to concentrate on.
Before you post, read our: 
Spam - feeling rather harassed
.
