SPAMCOP HOME · SPAMCOP FAQ · NEWSGROUPS · FORUM FAQ · WEBMAIL · SSL WEBMAIL · SPAMCOPWIKI


 Other words, data, places -->  SpamCop Pages V  FAQs & Words V  Newsgroups V  WebMail V  News-Recent Stuff V   Poll on menu

------>------> Latest and Current Announcements <------<------

Welcome Guest ( Log In | Register )

> This is a User to User Support Forum

The primary mode of support here is peer-to-peer, meaning users helping other users. (please remember this at all times!)
Another try:
This forum is composed of people who have used spamcop and those who are learning about anti-spam efforts.

 
Reply to this topicStart new topic
> I'm a spammer . . . NOT!
fragilesi
post Oct 12 2005, 11:39 AM
Post #1


Newbie
*

Group: Members
Posts: 5
Joined: 12-October 05
Member No.: 4653



Apologies if I'm in the wrong place . . . but I couldn't see an obvious answer to this in the FAQ. 3-6 times per day I'm getting e-mails from postmaster[at]lindenhomes.co.uk, the source of one is pasted at the end.

Thing is, I'm 99.99999% sure that they cannot possibly be getting the mail from me and I've told them so several times (direct to postmaster and the original cited e-mail address not the null return path). They keep arriving and they do not reply. I suppose I could just blacklist them but I'm sure I cannot be the only one getting these pointless e-mails.

Anything I can do? I didn't feel happy reporting this directly as Spam like I would normally.

QUOTE
Return-Path: <null[at]lindenhomes.co.uk>
Delivered-To: cqmail-net-simon[at]cqmail.net
Received: (qmail 24152 invoked from network); 12 Oct 2005 14:46:12 -0000
Received: from unknown (HELO c60.cesmail.net) (192.168.1.105)
  by blade2.cesmail.net with SMTP; 12 Oct 2005 14:46:12 -0000
Received: from mailgate.cesmail.net ([216.154.195.36])
  by c60.cesmail.net with ESMTP; 12 Oct 2005 10:46:12 -0400
X-IronPort-AV: i="3.97,207,1125892800";
  d="txt'?scan'208"; a="287655941:sNHT97106076"
Received: from mail.which.net [194.168.97.11]
by mailgate.cesmail.net with POP3 (fetchmail-6.2.1)
for simon[at]cqmail.net (single-drop); Wed, 12 Oct 2005 10:46:12 -0400 (EDT)
Received: from mail1.lindenhomes.co.uk ([213.1.255.36])
          by kx1-gui.server.which.net
          (InterMail vK.4.04.00.00 201-232-137 license e70b2acfbd69d84cc925654164bd8fad)
          with ESMTP
          id <20051012141428.YGKN27116.kx1-gui[at]mail1.lindenhomes.co.uk>
          for <Yes.Fragile[at]Which.Net>; Wed, 12 Oct 2005 15:14:28 +0100
Received: from [127.0.0.1] by mail1.lindenhomes.co.uk (GMS
11.01.3365/KW6304.00.7bc0cd6d) with ESMTP id zdbhuaaa for
Yes.Fragile[at]Which.Net; Wed, 12 Oct 2005 15:14:28 +0100
Received: from mail1.lindenhomes.co.uk (mail1.lindenhomes.co.uk [125.125.1.6])
by mail1.lindenhomes.co.uk (GMS 11.01.3365/KW6304.00.7bc0cd6d) with ESMTP id
idbhuaaa for Yes.Fragile[at]Which.Net; Wed, 12 Oct 2005 15:14:21 +0100
From: "postmaster[at]lindenhomes.co.uk" <null[at]lindenhomes.co.uk>
To: "Yes.Fragile[at]Which.Net" <Yes.Fragile[at]Which.Net>
Subject: Anti-Spam Content Alert
Date: Wed, 12 Oct 2005 15:14:21 +0100
Message-Id: <14142137509405[at]mail1.lindenhomes.co.uk>
X-Mailer: Gordano Messaging Suite v11.01.3365
Reply-To: <null[at]lindenhomes.co.uk>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="==_14142137509406/mail1.lindenhomes.co.uk==_"
X-MMLScript: BYPASS (0)
X-AVLoop: lindenhomes.co.uk
X-Quarantine: BYPASS (0)
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on blade2.cesmail.net
X-Spam-Level:
X-Spam-Status: hits=0.5 tests=TO_ADDRESS_EQ_REAL version=3.0.3
X-SpamCop-Checked: 192.168.1.105 216.154.195.36 194.168.97.11 213.1.255.36 4.4.0.0 127.0.0.1 125.125.1.6

This is a MIME-encapsulated message

--==_14142137509406/mail1.lindenhomes.co.uk==_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

WARNING! You have attempted to send an unacceptable message to the following address:

plc[at]lindenhomes.co.uk


--==_14142137509406/mail1.lindenhomes.co.uk==_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

The message has been checked by the GMS Anti-Spam Protection Package.


--==_14142137509406/mail1.lindenhomes.co.uk==_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

The following issues were found:

Attachment: Info.exe Virus Name: W32/Bagle.CW[at]mm (exact)


--==_14142137509406/mail1.lindenhomes.co.uk==_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

The message headers follow:


--==_14142137509406/mail1.lindenhomes.co.uk==_
Content-Type: message/rfc822-headers
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Date: Wed, 12 Oct 2005 15:14:18 +0000
To: "Plc" <plc[at]lindenhomes.co.uk>
From: "Yes.Fragile" <Yes.Fragile[at]Which.Net>
Subject: Re: Msg reply
Message-ID: <unrridtfetpxtauhhec[at]lindenhomes.co.uk>
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------fkaivsoosvfbdsdfxjwt"
X-AntiVirus: Checked for viruses by Gordano's AntiVirus Software
X-AntiSpam: Checked for restricted content by Gordano's AntiSpam Software


--==_14142137509406/mail1.lindenhomes.co.uk==_
Content-Type: text/plain; charset="us-ascii"; name="footer.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="footer.txt"

Information in this email and attachments is confidential.  If you are not the intended recipient please contact the sender.  Any opinions are those of the author and do not necessarily represent those of Linden.  Linden accepts no liability for any errors which arise as a result of internet transmission.  Any email received by Linden may be monitored or inspected to ensure the systemsí effective operation and other lawful business purposes.

--==_14142137509406/mail1.lindenhomes.co.uk==_--

User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Wazoo
post Oct 12 2005, 12:36 PM
Post #2


What Life?
Group Icon

Group: Forum Admin
Posts: 13194
Joined: 22-January 04
From: Iowa
Member No.: 18



Not one word abouut anti-virus/trojan tools in use, jumping over to one of the on-line virus scanners, etc. The 99.9999% sure defense has been used by many folks, ye ... turns out that their machines are cesspools of stuff not seen by the free antivirus tool that came with their computer (when they bought it two years prior) ... updates had never been attempted or ignored when the "more money" thing came up .... You haven't 99.99999% convinced me that there may not actually be a security issue on your system ...????

Have you sent an e-mail to yourself to see if that e-mail arrives with an attatchment that you didn't send?

And yes, moving this to the Lounge as it does not seem to be an actual Reporting problem with the SpamCop Parsing & Reporting tool set.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Jeff G.
post Oct 12 2005, 02:15 PM
Post #3


T-shirt wearing out
Group Icon

Group: Membersph
Posts: 3730
Joined: 2-July 04
From: Northeast New Jersey (New York Metro Area), USA ... Please read my sig. :)
Member No.: 2041



I, too, have been getting bounces from antivirus systems and mailservers due to viruses, worms, and spam sent to full mailboxes, nonexistent mailboxes, and mailboxes protected by various and sundry challenge/response systems. The vast majority of those bounces are misdirected, in that they come to email addresses that either never existed or haven't worked in years because they were associated with former employees. I Report all the misdirected bounces without fanfare. For those admins who do reply that their unsolicited (by legitimate users in my domains, anyway) anti-worm, anti-virus, or bounce notification is not spam and that I was somehow mistaken in reporting it, I use the following template, which you may use as well:
QUOTE
[Title],

Thank you for your message.

While almost everything you have written below is correct, referencing [Tracking URL] and [Tracking URL with ";action=display" appended without quotes], the email message which I received, reviewed, determined to be reportable, and reported in a SpamCop Report via email to [addressee] on [date] at and shortly before [time with timezone], is a misdirected bounce, which should be avoided by using 500-series errors during the SMTP transaction.  It was also sent to email address [recipient address], which is not and never has been authorized for use on the [domainname] domain [or which has not been authorized for use for multiple years].

Such misdirected bounces are now considered abusive and reportable by SpamCop per the "Messages which may be reported" section of "On what type of email should I (not) use SpamCop?" at http://www.spamcop.net/fom-serve/cache/14.html and the "Misdirected bounces" section of "Why are auto-responders (and delayed bounces) bad?" at http://www.spamcop.net/fom-serve/cache/329.html#bounces .

[If the respondent uses Exchange Server 5.5]You can avoid sending misdirected bounces by avoiding sending NDRs entirely, specifically by applying "Update available in Exchange Server 5.5 to control whether the Internet Mail Service suppresses or delivers NDRs" per http://support.microsoft.com/default.aspx?...kb;en-us;837794 and using "Value data" of "10".

Also, where are the Received Header Lines for the original spam [or where are the Header Lines or where is the original message]?  How can you or we track the spammer who forged our user's email address and tried to spam your user [or the infected machine] without complete info in your bounce?  Without the Received Header Lines for the original spam, we must conclude that the original spam [or worm or virus] came from inside your network.  If you can't adjust your systems to bounce during the SMTP transaction, please at least provide the full headers and body of the message in your bounces, and forward the missing pieces for this spam if you can find them.

We have been seeing and Reporting a lot of instances of misdirected bounces to addresses matching andrew????@[domainname] of spam sent through open proxies with forged Received Header Lines fingering [one of our MXs].

Thanks and Best Regards,

[Name]
[Title]
The admins of cnn.com have been particularly egregious in stripping off Received Header Lines, and my many complaints about that appear to have gone into a black hole, except that someone writing for abuse[at]rr.com disclaimed responsibility. Silly me, I was trying to treat all of AOL Time Warner as one company and including one of my immediate ISPs' abuse desks in hopes they could help. (IMG:style_emoticons/default/smile.gif)

This post has been edited by Jeff G.: Oct 13 2005, 09:52 AM


--------------------
Best Regards, Jeff G. (full signature)
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
fragilesi
post Oct 13 2005, 06:28 AM
Post #4


Newbie
*

Group: Members
Posts: 5
Joined: 12-October 05
Member No.: 4653



Okay, well thanks "I think" for the reply . . .

Let me explain the reasons for my "certainty". The e-mail account they are "replying" to is one that I *read* on Spamcop from two PC systems, I haven't sent mail on it for many months and in fact I dont even have an identity set up for it to do so! Spamcop webmail is the *only* method I have used to access the account from either system since they were first built. This started happening quite recently and continues.

Of the two systems, on both I have fully licensed McAfee security software which tells me that not only do I have the latest virus scanning engines and the latest virus signature files but also that according to them I have no viruses present on either system. Both are set up to download engine and definitions and then scan at 5am each and every single day and have been since they were installed. The home machine also has the full McAfee Security Centre setup. These two systems by the way are the *only* ones that I use.

So it's fine with me, you're not inclined to help, I posted in the wrong place bla bla, your idea of customer care is to assume that someone asking a question is stupid. Lessons learned on my part. Time to look elsewhere.

Oh yes, and shock horror, mail sent to myself arrives virus free . . .


QUOTE(Wazoo @ Oct 12 2005, 06:36 PM)
Not one word abouut anti-virus/trojan tools in use, jumping over to one of the on-line virus scanners, etc. The 99.9999% sure defense has been used by many folks, ye ... turns out that their machines are cesspools of stuff not seen by the free antivirus tool that came with their computer (when they bought it two years prior)  ... updates had never been attempted or ignored when the "more money" thing came up ....  You haven't 99.99999% convinced me that there may not actually be a security issue on your system ...????

Have you sent an e-mail to yourself to see if that e-mail arrives with an attatchment that you didn't send?

And yes, moving this to the Lounge as it does not seem to be an actual Reporting problem with the SpamCop Parsing & Reporting tool set.
*

User is offlineProfile CardPM
Go to the top of the page
+Quote Post
fragilesi
post Oct 13 2005, 06:32 AM
Post #5


Newbie
*

Group: Members
Posts: 5
Joined: 12-October 05
Member No.: 4653



QUOTE(Jeff G. @ Oct 12 2005, 08:15 PM)
I, too, have been getting bounces from antivirus systems and mailservers due to viruses, worms, and spam sent to full mailboxes, nonexistent mailboxes, and mailboxes protected by various and sundry challenge/response systems.  The vast majority of those bounces are misdirected, in that they come to email addresses that either never existed or haven't worked in years because they were associated with former employees.  I Report all the misdirected bounces without fanfare.  For those admins who do reply that their unsolicited (by legitimate users in my domains, anyway) anti-worm, anti-virus, or bounce notification is not spam and that I was somehow mistaken in reporting it, I use the following template, which you may use as well:The admins of cnn.com have been particularly egregious in stripping off Received Header Lines, and my many complaints about that appear to have gone into a black hole, except that someone writing for abuse[at]rr.com disclaimed responsibility.  Silly me, I was trying to treat all of AOL Time Warner as one company and including one of my immediate ISPs' abuse desks in hopes they could help. (IMG:style_emoticons/default/smile.gif)
*



Thanks for that, I may just try the suggested template, though at the moment they simply are not replying. I'll see if my latest set of complaints get me anywhere with them first though.

Part of the reason I raised this is that I agree with you, poorly configured software - which I think this is - could end up being as big a problem as the original spammers themselves.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
turetzsr
post Oct 13 2005, 07:58 AM
Post #6


What Life?
Group Icon

Group: Membersph
Posts: 5134
Joined: 26-January 04
From: Michigan USA
Member No.: 59



QUOTE(fragilesi @ Oct 13 2005, 07:28 AM)
<snip>
So it's fine with me, you're not inclined to help,
*
...WHAT???!!?!? If Wazoo were not inclined to help, he simply would not have replied. In fact, I see a couple of suggestions that he made to further research the problem....
QUOTE(fragilesi @ Oct 13 2005, 07:28 AM)
I posted in the wrong place
*
...My, how rude of Wazoo to mention that! I wonder why he brought that up. Oh, wait:
QUOTE(fragilesi @ Oct 12 2005, 12:39 PM)
Apologies if I'm in the wrong place
*
QUOTE(fragilesi @ Oct 13 2005, 07:28 AM)
your idea of customer care is to assume that someone asking a question is stupid. <snip>
*
...From whence came this? I see no suggestion whatever in Wazoo's reply that anyone is stupid, simply suggestions and a reasonable attempt to prompt further information from you in terms of why you were sure that someone was not getting some e-mail from you. Besides, you are not his customer and he owes you nothing in particular in terms of service -- he's a volunteer, as are almost all of us here. The "Admin" tag by his name refers only to his role here in the Fora.
QUOTE(fragilesi @ Oct 13 2005, 07:28 AM)
Lessons learned on my part.  Time to look elsewhere.
<snip>
*
...This is the best place with the most knowledgeable people you are likely to find. If you lose the easily-bruised ego, you'll make more headway, wherever you choose to look. (IMG:style_emoticons/default/smile.gif) <g>


--------------------
..Regards,
...Steve T

...A Happy SpamCop.net reporting user (not an employee)
...Please avoid replying via e-mail, as it is not secure
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
shmengie
post Oct 13 2005, 09:06 AM
Post #7


Member
**

Group: Members
Posts: 97
Joined: 19-February 05
Member No.: 3629



You know....

McAfee is good. But it aint perfect. None of the virus scanners are.

Norton may be the worst, but for some reason I placed a false trust in it.

A friend of mine had cought a virus or actuall very many. Norton was kept uptodate, so I had asssumed it was something else that stopped his mahcine from booting. He reported no unusual circumstance, he shutdown as usual and next boot it simply refused.

The registry was corrupted, and the best guess I could fathom was that it was not being closed properly. I took his word, that he was doing everything proper, and resolved the registry issue, which was no easy chore.

All was well for a few months and the same thing happened again. Again, virus updates in place, no unusual circumstance, etc. etc...

The registry again was corrupted. Turns out several virus were infecting this machine. Yet norton said it was clean.

clamwin.com's free antivirus found the most abuses of this machine. Microsoft's beta spyware found a couple. and avg's personal free virus detection found one or two that clamwin ignored.

I can't stand either norton or mcafee, they are very intrusive, but the are more complete solutions than clamwin. Avg seems quite good, but nearly as annoying as norton and mcaffe.

I hardly ever remember to run a virus scanner on my machine, but *I know* I keep it clean. I never-ever click on attachments I don't know exactly what their purpose is. I don't allow rogue browser add-ins to ever be installed. (ok, I caved and let flash on board, but I hate it, so I uninstall it every so often too. I've got a peppy machine, but flash simply eats too much memory).

I've been a computer geek for 20 and some odd number of years. I can get away with this act of stupidity. I would never recommend to another.

The moral, unless you know your machine is clean, it's possible it is not.

Right now, there are spambots, several domains and name servers hosted on virus infected machines. Its discusting! I can't put an end to it, which is very frustrating.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
fragilesi
post Oct 13 2005, 11:10 AM
Post #8


Newbie
*

Group: Members
Posts: 5
Joined: 12-October 05
Member No.: 4653



Okay guys, I surrender. I hoped this would be an interesting topic but so far - to some extent justifiably as I mistook the meaning of the Admin tag (my bad for sure) - I've had it suggested that my machine is a cesspool, I've got a an easily bruised ego and I'm a cheapskate who doesn't like paying for his software. Odd seeing as I'm one of the few mugs on the planet who actually does pay his way for *all* the software he runs . . . I won't go into the ego part as it's probably too close to home (IMG:style_emoticons/default/rolleyes.gif)

And I've been told to send an e-mail to myself (IMG:style_emoticons/default/smile.gif) .

Fortunately shmengie has given me some food for thought though I'm still confused given that the address being spoofed is not configured on my machines other than through the use of Spamcop's webmail. The virus mentioned seems to be reasonably well known so I think McAfee should pick them up. That's why I asked here to see if there were further ways that I could understand the source of the problem.

So, I apologise for going off on one but I took exception to the tone of the initial response which I'm hoping you'll accept is hardly "encouraging". Fortunately, I think that I have found my answer though from McAfee's virus encyclopedia, this "bagle" thing replicates via e-mail and forges the from address. So, I'm guessing that someone out there is infected and sending the e-mail, who has my address in their address book.

All I need now is to convince this Lindenhomes mob to understand that and sort their software out . . . maybe.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
shmengie
post Oct 13 2005, 11:31 AM
Post #9


Member
**

Group: Members
Posts: 97
Joined: 19-February 05
Member No.: 3629



I can't speak for wazoo, but i know its hard to deal with the same questions repeated often.

I used to work with a girl in a bank office building. She would ask the same question 4 - 5 times before, the next week would roll in and a new question received the same treatment.

Though you haven't aske the same here, yourself, it bares similiarity.

In the end, it is 100% probable a virus is the conduit, to which you have been inducted into the realm of increased spam. Unfortunatly, that says very little for you personally, other than you another victem.

The virus does not need to exist on your equipment for it to have this affect. Someone who has you in their address book or has received mail with your address in it, is likely comprimised. It's important to be aware of the state of your own equipment, but there is little you can do to protect your e-mail sent from falling into the abyss.

It sux. nuff said. Hate spammers, because they love it.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Jeff G.
post Oct 13 2005, 11:32 AM
Post #10


T-shirt wearing out
Group Icon

Group: Membersph
Posts: 3730
Joined: 2-July 04
From: Northeast New Jersey (New York Metro Area), USA ... Please read my sig. :)
Member No.: 2041



Here's an unexpected but refreshing response:
QUOTE
Date: Tue, 11 Oct 2005 12:27:56 -0700 (PDT)
From: Colin Dick <cdick[at]mail.ocis.net>
To: [Report ID]@reports.spamcop.net
Subject: Spamcop report id:[Report ID]

Hello SpamCop user,

Hello and thanks for your report.  Please be aware that the
message you received was a bounce message, likely due to a virus that
spoofed your name as the sender.  We understand that this is still an
unwarranted message as far as you are concerned and realize that SpamCop
recently deemed bounces to spoofed senders as spam.
We are researching ways to detect spoofed sender bounces.  The
issue has to do with our MX server accepting mail and delivering it to our
primary mailserver.  The primary mailserver rejects the message due to an
invalid recipient and sends a bounce to the initial sender.  We are trying
to find a way for our MX server to know our local usernames so that it can
reject the initial message immediately which would ensure this type of
issue cannot occur.
Thanks again for your report.  Have a great day.

--
Colin Dick
OCIS Admin

--
Please use the link below to review the report in question:
[Report History URL]


--------------------
Best Regards, Jeff G. (full signature)
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Jeff G.
post Oct 13 2005, 11:48 AM
Post #11


T-shirt wearing out
Group Icon

Group: Membersph
Posts: 3730
Joined: 2-July 04
From: Northeast New Jersey (New York Metro Area), USA ... Please read my sig. :)
Member No.: 2041



You write that the address in question has received spam before. If you Reported that spam without munging (or possibly with SpamCop's basic munging), your Report(s) ended up in at least one mail admin's mailbox, and may have been forwarded to one or more spammer and/or other admin. Any of those recipients could have gotten infected with a spoofing worm or virus, and directly sent the worm to "Plc" <plc[at]lindenhomes.co.uk> (spoofing your address), or they could have sent a spoofing worm or virus to another machine (spoofing your address), which then directly sent the worm to "Plc" <plc[at]lindenhomes.co.uk> (spoofing your address), etc.

It is frankly disappointing that Gordano Messaging Suite v11.01.3365 running on mail1.lindenhomes.co.uk appears to strip Received Header Lines on purpose when bouncing a worm that is known to spoof source addresses - this is the same kind of antisocial behavior CNN's cnn.com is pulling, although cnn.com is bouncing for other reasons (user not found, IIRC).


--------------------
Best Regards, Jeff G. (full signature)
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Wazoo
post Oct 13 2005, 01:07 PM
Post #12


What Life?
Group Icon

Group: Forum Admin
Posts: 13194
Joined: 22-January 04
From: Iowa
Member No.: 18



QUOTE(fragilesi @ Oct 12 2005, 11:39 AM)
Apologies if I'm in the wrong place . . . but I couldn't see an obvious answer to this in the FAQ.  3-6 times per day I'm getting e-mails from postmaster[at]lindenhomes.co.uk, the source of one is pasted at the end.
*

Here's we/I started going wrong ... lack of a timeframe mentioned .... had it been stated with something like "for the last few days" ... I would have pointed to a FAQ entry here such as "Why am I getting all these bounces" ..... However, my 'read' took the 'background' as this being a "constant" .... immediately thinking of a "QuickInspirations" spam thing that I fought for over 3 or 4 months before simply blocking that IP block completely ....
QUOTE
Thing is, I'm 99.99999% sure that they cannot possibly be getting the mail from me and I've told them so several times (direct to postmaster and the original cited e-mail address not the null return path).  They keep arriving and they do not reply.  I suppose I could just blacklist them but I'm sure I cannot be the only one getting these pointless e-mails.

As I stated, this was also one of those "triggers" that set my response mode. U've heard that too many times, right up there with "I never click on those things" (in one case followed with "well, I clicked on that one to see if it was one of those things you told me never to click ...")
QUOTE(fragilesi @ Oct 13 2005, 11:10 AM)
Okay guys, I surrender.  I hoped this would be an interesting topic but so far - to some extent justifiably as I mistook the meaning of the Admin tag (my bad for sure)

From my perspective, not sure what "Admin" has to do with anything ...
QUOTE
- I've had it suggested that my machine is a cesspool, I've got a an easily bruised ego and I'm a cheapskate who doesn't like paying for his software.  Odd seeing as I'm one of the few mugs on the planet who actually does pay his way for *all* the software he runs . . . I won't go into the ego part as it's probably too close to home  (IMG:style_emoticons/default/rolleyes.gif)

And I've been told to send an e-mail to myself  (IMG:style_emoticons/default/smile.gif) .

Again, based on what I "read" in your original post, suggestions made to attempt to clear up the other possibilities. I don't see that I explicitly made those comments about you and your system as fact, they were part of an explanation of some scenarios that I see on a daily basis.
QUOTE
Fortunately shmengie has given me some food for thought though I'm still confused given that the address being spoofed is not configured on my machines other than through the use of Spamcop's webmail.  The virus mentioned seems to be reasonably well known so I think McAfee should pick them up.  That's why I asked here to see if there were further ways that I could understand the source of the problem.

Now you're talking of an anti-vitus tool that's running on your system, but the "problem" situation beingdescribed now is that there is a computer somewhere else infected .. and the e-mail yyou're seeing may (ptobably) have hed the vitus removed before it was sent on / back to you ....
QUOTE
So, I apologise for going off on one but I took exception to the tone of the initial response which I'm hoping you'll accept is hardly "encouraging". 

And in that case, I'll point to the FAQ entry here titled "How to ask a good question ..." or even the "How to use .. SpamCop Forum" introduction ... somewhere in all that you'll note that the key concept is "provide enough data"
QUOTE
Fortunately, I think that I have found my answer though from McAfee's virus encyclopedia, this "bagle" thing replicates via e-mail and forges the from address.  So, I'm guessing that someone out there is infected and sending the e-mail, who has my address in their address book.
*


And again, pointing out that anti-virus/trojan stuff is reactionary, thus always behind the curve. Lowlife writes a new version, kicks it off into the world ... it has to be seen/noticed, the anti-virus company needs to get a copy, analyze it, come up with a detection tool (possibly a removal tool), add that to their library, put that new library up for distribution, end-user needs to see that new library, download it, install it, then run it ... and in the meanwhile, some other lowlife is busy creating yet another 'new' version ..... most folks don't seem to be able to grasp that side of the issue.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
fragilesi
post Oct 13 2005, 01:59 PM
Post #13


Newbie
*

Group: Members
Posts: 5
Joined: 12-October 05
Member No.: 4653



QUOTE(Wazoo @ Oct 13 2005, 07:07 PM)
Here's we/I started going wrong ... lack of a timeframe mentioned .... had it been stated with something like "for the last few days" ... I would have pointed to a FAQ entry here such as "Why am I getting all these bounces" ..... However, my 'read' took the 'background' as this being a "constant" .... immediately thinking of a "QuickInspirations" spam thing that I fought for over 3 or 4 months before simply blocking that IP block completely ....†

As I stated, this was also one of those "triggers" that set my response mode.† U've heard that too many times, right up there with "I never click on those things" (in one case followed with "well, I clicked on that one to see if it was one of those things you told me never to click ...")

I can see the point, and I clearly didn't research the FAQ well enough though to be honest I would never have associated the word "bounce" with what I was seeing.

QUOTE
From my perspective, not sure what "Admin" has to do with anything ...

Very simply I took that as meaning you were a representative of Spamcop.

QUOTE
Again, based on what I "read" in your original post, suggestions made to attempt to clear up the other possibilities.† I don't see that I explicitly made those comments about you and your system as fact, they were part of an explanation of some scenarios that I see on a daily basis.

I guess the smilies, the "sorry" and the omment about ego haven't triggered the fact that I was talking toungue in cheek and in a more conciliatory mode then . . . but rest assured that's what was intended.

QUOTE
Now you're talking of an anti-vitus tool that's running on your system, but the "problem" situation beingdescribed now is that there is a computer somewhere else infected .. and the e-mail yyou're seeing may (ptobably) have hed the vitus removed before it was sent on / back to you ....

I only talked about the anti-virus tools because you suggested that I might be one of those who didn't take them seriously . . . and in the end the support for that tool got me to the answer.

QUOTE
And in that case, I'll point to the FAQ entry here titled "How to ask a good question ..."† or even the "How to use .. SpamCop Forum" introduction ... somewhere in all that you'll note that the key concept is "provide enough data"

So there's an irony here in that all the data that was needed was in there. Once I thought of looking up the named virus in the McAfee website the likely answer became self-evident.

QUOTE
And again, pointing out that anti-virus/trojan stuff is reactionary, thus always behind the curve.† Lowlife writes a new version, kicks it off into the world ... it has to be seen/noticed, the anti-virus company needs to get a copy, analyze it, come up with a detection tool (possibly a removal tool), add that to their library, put that new library up for distribution, end-user needs to see that new library, download it, install it, then run it ... and in the meanwhile, some other lowlife is busy creating yet another 'new' version ..... most folks don't seem to be able to grasp that side of the issue.
*


For what it's worth I very much understand that.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

- Lo-Fi Version Time is now: 21st September 2014 - 07:06 AM