Stoks and shares spam.

[brettDbass]

Stocks and shares spam.

Suddenly, a couple of weeks ago, I started receiving loads of spam espousing the virtues of particular stocks and shares both at work and on my main personal email account.

How long am I going to have to wait until this kind of thing gets added into the spam filters? It's really getting on my boobies.

 

[Meffy]

What email software do you use? I use Mozilla Thunderbird. Its adaptive spam filters picked up pretty quickly on which messages I was spam-canning.

 

[MWare]

I've given up on spam filters - I just use a spam account that is the address I give whenever doing online registrations or anything. I only give out my "real" personal address directly to people I know. I haven't gotten spam on that account ever

 

[Rat]

Is this the kind where the subject is random words, and the email is actually a pastel-coloured image? If so, I get, indirectly, a couple of dozen a day. I'm collecting the best subject lines so far, but, as mentioned in another thread, "spastic ineptitude" is still my favourite.

I'm the same for multiple accounts, though. I have two accounts that I never get spam on, and two on which it's non-stop.

Best solution (though neither cheapest nor simplest), get a domain and register one address for each dodgy place you give out your address, each of which has a redirect to your main address. That way, you can easily abandon compromised addresses, and you know which bugger has sold your address to boot. Then you can go and burn them down. The people, not the business, that is.

Cheers,
Rat.

 

[kevin]

Best solution (though neither cheapest nor simplest), get a domain and register one address for each dodgy place you give out your address, each of which has a redirect to your main address. That way, you can easily abandon compromised addresses, and you know which bugger has sold your address to boot. Then you can go and burn them down. The people, not the business, that is.

I do this, although I don't have to register e-mail addresses I can just make them up. Then if one gets picked up for spamming I can blacklist the address they're using.

BTW, employees of companys will somtimes sell e-mail addresses to spammers without the company knowing about it so it isn't always the fault of the company you used the address at.

 

[brettDbass]

Is this the kind where the subject is random words, and the email is actually a pastel-coloured image? If so, I get, indirectly, a couple of dozen a day. I'm collecting the best subject lines so far, but, as mentioned in another thread, "spastic ineptitude" is still my favourite.

It's exactly that, yes. Often a pastel image which you can't even read.

I have a few stored on the works machine but I haven't found one yet to beat "spastic ineptitude".

Ah well, guess I'll have to look at changing when and where I give out my address.

 

[Meffy]

If you display an image in a spam, often that's enough to tell the spammers you've opened their message, and what address you're at -- IOW, it says "This address is alive, keep on spamming," or worse still, "Put this address on the lists we sell to other spammers!"

Even a 1x1-pixel transparent block can do it. The trick is in the image's filename (or path), which can act as a sneaky way of reporting back to whoever sent the spam.

Best defense: Don't view spam at all. Next best: tell your email client not to display images unless you explicitly okay it on a per-message basis. [edit] Really, the best of all is to do both. Belt and suspenders.

 

[Rat]

If you display an image in a spam, often that's enough to tell the spammers you've opened their message, and what address you're at -- IOW, it says "This address is alive, keep on spamming," or worse still, "Put this address on the lists we sell to other spammers!"

Even a 1x1-pixel transparent block can do it. The trick is in the image's filename (or path), which can act as a sneaky way of reporting back to whoever sent the spam.

Best defense: Don't view spam at all. Next best: tell your email client not to display images unless you explicitly okay it on a per-message basis. [edit] Really, the best of all is to do both. Belt and suspenders.

This is only true if the image is linked via http or similar. In these particular spams, the image is embedded; that is, it is attached with the mail. It does no harm to view it, but it does cost bandwidth when you're getting hundreds per day, as each mail is around 70-80KiB.

Outlook (and presumably OE, but I don't use it) blocks linked images, but allows embedded images by default. Yahoo mail does the same.

Cheers,
Rat.

 

[brettDbass]

This is only true if the image is linked via http or similar. In these particular spams, the image is embedded; that is, it is attached with the mail. It does no harm to view it, but it does cost bandwidth when you're getting hundreds per day, as each mail is around 70-80KiB.

Outlook (and presumably OE, but I don't use it) blocks linked images, but allows embedded images by default. Yahoo mail does the same.

Cheers,
Rat.

That's good, as those two are the two I use too.

 

[Meffy]

This is only true if the image is linked via http or similar. In these particular spams, the image is embedded

Ah, no troubles then. Good 'nough. I still never open spam just on general principles.

 

[ktesibios]

You don't necessarily have to give out an email address or post it anywhere to start getting spam on that account. My ISP allows me to have up to five different email addresses; I set one up just to test the procedure for doing so and have never given that address to anyone, sent email from it to anyone except my primary account or included it in a Web or Usenet post.

It still gets nearly as much penny stock scam, "online pharmacy" and fake Rolex spam as my primary ISP account.

I'm not sure how this happens, but it may have something to do with the occasional incoming email with forged headers and a totally empty body that I see from time to time.

 

[Rat]

My gmail account (for which I have given the address to virtually no one) gets some spam, but not much. This is easily attributable to my having a purely alphabetical address consisting of English words @gmail. I have two other accounts to which I have given the addresses to almost no one, and which aren't at a massively popular mail host, and I get no spam whatsoever at either of them.

If your address isn't something-obvious@a-big-mailhost.com, then you shouldn't get spam. If you do, you have spyware, someone has given away your address, or you have posted it somewhere. Or my experience is exceptional; but I have set up similar accounts for others, who share my experience.

The major problem is when people put me in their mailboxes, or send out mailings to multiple people without BCCing addresses. People I know who send me crap mass-mailings, because they don't know to BCC the addresses incur my wrath. That said, my wrath mostly consists of tutting and shaking my head regretfully.

Cheers,
Rat.

 

[Blackwell]

You don't necessarily have to give out an email address or post it anywhere to start getting spam on that account. My ISP allows me to have up to five different email addresses; I set one up just to test the procedure for doing so and have never given that address to anyone, sent email from it to anyone except my primary account or included it in a Web or Usenet post.

It still gets nearly as much penny stock scam, "online pharmacy" and fake Rolex spam as my primary ISP account.

I'm not sure how this happens, but it may have something to do with the occasional incoming email with forged headers and a totally empty body that I see from time to time.

I've run into similar problems; as soon as I registered my domain, I started getting spam (unfortunately, my mailserver is set to receive messages addressed to any name@myserver.com; when I registered my domain, I opted for the "hide my name in the whois listing" selection, but that doesn't seem to have helped.)
My main gmail acct gets a fair share of spam, but gmail does a pretty good job of filtering it to the junk folder. My second gmail acct is rarely used, and has never had a single spam message. My Mail app (Mac OSX) filters spam, but has been doing a less than stellar job than I remember it being capable of. It has a "training" function that you can toggle on and off so that it can "learn" what types of messages you manually tag as spam, but I probably get an equal number of auto-tagged and un-tagged spams.

 

[Meffy]

Every one of my business email accounts has been compromised pretty fast, even those never listed on a website. *sigh* Life is funny these days.

 

[ktesibios]

I suspect that the wonderful people who generate and sell address lists for spammers might be using something akin to a dictionary attack. Send blank emails to an assortment of possible usernames at a given ISP with a valid (throwaway) from or reply-to address, and eliminate the ones that bounce. If it doesn't bounce, it's probably an active account.

I tend to take my usernames from ancient history, so a program that generates pronounceable combinations of consonants and vowels would hit me sooner or later.

 

[kevin]

The hardcore spammers usually don't bother vetting their lists because in order to track bounces they have to use a real e-mail from address and they don't want to do that.

I also haven't seen too many dictionary attacks. I have several domains with no web presence and global e-mail redirect (no matter what address it is sent to it comes to my primary account), I'll occassionally get e-mail for those domains on the e-mail listed in whois but never random name e-maillings.

Although large domains may see things my little domains just don't attract enough attention for.

It's just too easy to screen scrape e-mail addresses or pay an unscrupoulous employee at AOL, Google, Yahoo, Hotmail to send you the usernames created in the last year....

 

[Vitnir]

That stock spam is currently the only spam that gets through gmail, my favourite subject line is "excrement buffet"

 

[brettDbass]

On a similar theme, I imagine it is very wrong of me to find this line from a recent spamail amusing...

"My boss is in business with one of the greatest
business Mongols of all time."