Help - Search - Members - Calendar
Full Version: Open SPAM messages
SpamCop Discussion > Discussions & Observations > SpamCop Reporting Help
nursemike
If I open spam messages, how does the sender of the spam know that I have done so? Sometimes I open them just to make sure that the messages are spam, but yet, I would hate that doing so to mean more spam being sent to me.

About munged reports: I find it amazing that some of the largest ISPs, such as SBC and Adelphia are refusing these reports. I have be checking the box and sending them anyway, but will not do so if it means more spam, or viri! Thank God for a good AV checker!
Miss Betsy
QUOTE
If I open spam messages, how does the sender of the spam know that I have done so?


They put web bugs in the spam that you can't see that send a message (like giving a response to someone who requests it) to the spammer saying you opened it.

I don't know about other email readers, but in OE you can check the message source without activating these bugs. Highlight spam, right click on mouse, choose properties (bottom of list), choose details, choose message source (at bottom of details tab).

QUOTE
About munged reports

It is a six to one and a half dozen to the other about sending munged reports. Many experienced reporters choose the unmunged reports in their preferences. They feel that the number of spammers who receive reports who will take your name off the list (listwashing) is balanced by the number who then sell it as a live address. In addition, if a spammer wants to track reporters, they can do so in so many ways that cannot be munged, that what munging spamcop does is no defense anyway.

Although ISP's will forward the spam to the spammer, generally it is the ISP's of the spamvertized sites, not the source IP address.

Miss Betsy
jseymour
QUOTE(Miss Betsy @ Jun 4 2004, 10:19 AM)
I don't know about other email readers, but in OE you can check the message source without activating these bugs.  Highlight spam, right click on mouse, choose properties (bottom of list), choose details, choose message source (at bottom of details tab).

Be careful, though. "Highlighting the spam" will (by default) preview the message in the preview pane - and this is often enough to trigger web bugs.

A better solution in OE is to view all messages in plain text. It garbles some HTML messages, but most will remain readable.

An even better solution is to switch to a mail client that has better options for such things. I prefer (and use) Mozilla - as you can specifically instruct it not to load remote images, yet keep the HTML formatting intact.

As for munging: I'm one of those reporters who sends all reports unmunged. The risks are retribution and increased spam - but I consider those to be small. The benefits are an increased respectability for Spamcop reports in general.
Miss Betsy
I should have mentioned, in addition, to reading in plain text, turn your preview panel off. I don't get to ever see any pretty pictures (or wallpapered emails), but I don't know whether I am really missing anything.

Miss Betsy
jseymour
QUOTE(Miss Betsy @ Jun 4 2004, 02:52 PM)
I should have mentioned, in addition, to reading in plain text, turn your preview panel off.  I don't get to ever see any pretty pictures (or wallpapered emails), but I don't know whether I am really missing anything.

I'm pretty sure that turning off OE's preview pane is not required if you're viewing in plain text.
WB8TYW
QUOTE(nursemike @ Jun 4 2004, 11:32 AM)
If I open spam messages, how does the sender of the spam know that I have done so?


If you have return receipts enabled, a few spammers seem to use them.

The rest has been discussed already, disable scripting, automatic opening of attachments, and opening external links, and the normal spammer and virus tricks will be foiled.

QUOTE(nursemike @ Jun 4 2004, 11:32 AM)
About munged reports:  I find it amazing that some of the largest ISPs, such as SBC and Adelphia are refusing these reports. I have be checking the box and sending them anyway, but will not do so if it means more spam, or viri!


Look at the source of spam, if it is from an open proxy as is most spam that I see, then the ISP will likely not be passing the report on to the spammer.

If abuse for the web site is refusing munged reports, then you should be more cautious about sending the reports. Keep in mind that web site reports only feed statistics, and not the DNSbl.

Some spammers do put hidden I.D. codes, and some spammers may retaliate, but most realize that there are too many spamcop.net reporters now for it to make it worth the time to concentrate on one.

QUOTE
Thank God for a good AV checker!

I do not have one. I have only received about 3 apparent worms that could possibly have been related to reporting a pump and dump scammer. And that was quite a while ago.

-John
Personal Opinion Only
JosephK
The webbugs/webbeacons are usually simple 1x1 pixel images requested via the standard http requests inside an HTML email. The spammer then has his web servers log all the requests.

If you are running a software firewall on the computer you are reading email from, you should be able to configure the firewall to eat/block all http requests from your email reader. This will let you view the HTML formatting without downloading any of the bugs/beacons. However, it will also prevent viewing of ANY linked pictures (but that is what the beacons are).
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2014 Invision Power Services, Inc.