Jump to content

clytie

Members
  • Content Count

    11
  • Joined

  • Last visited

Community Reputation

0 Neutral

About clytie

  • Rank
    Member
  • Birthday 09/06/1958

Contact Methods

  • Website URL
    http://
  • ICQ
    0

Profile Information

  • Interests
    How, why, where. who, what and when. Anything beyond those, as well. :)
  1. clytie

    Can I report Bouced Spam to Spamcop

    Thanks, Miss Betsy, that is encouraging. What I really had in mind was spammers in stocks, having rotten tomatoes thrown at them (eggs are too expensive nowadays), but what you say is helpful if less satisfying. from Clytie
  2. clytie

    Can I report Bouced Spam to Spamcop

    Thanks for the responses. My husband did say that smarter ISPs don't bounce, but his point was that it's hard to criticize the others doing something that's in the RFCs. I take your point that we can still suggest that they don't do it. I think one of the worst things about this, as Brian says, is the feeling of powerlessness. Your inbox is swamped, people are attaching your identity to acts of harrassment (which I firmly believe spams are) and you appear to have no decision power at all. Just wait it out, or change your address. Please point me to any link that shows we are winning against spammers: I need the moral lift. from Clytie <staring glumly at the huge pile of bounces and aways, clogging her mail pipe>
  3. clytie

    Can I report Bouced Spam to Spamcop

    Thankyou for all the information in this thread. I do feel for Paul, and for others in this position: I've had the odd bounce before, but not a flood, like today. Fortunately I could Jabber my husband at work, our local ISP, and ask him to block part of the message text (which was identical in all cases), and the flood dropped to a trickle (auto-aways and those which snip the body text). All the same, that isn't doing anything about the spamming, and from what you have all said above, there doesn't seem to be much we can do. I haven't received any personal email (flames, complaints), my flood consisted of auto-bounces and auto-aways ("I'm away right now, not reading my email" etc.). I doubt very much if writing to the ISPs auto-bouncing would achieve anything, but I'll give it a go. Edit: I was about to do so, discussing it with my husband, when he said that sending a message to the perceived sender when an email is undeliverable is in the RFCs. So it's not only defensible, it's almost mandated. He said, if it's hard for a human to work out if a header is forged, what hope does an ISP have, working automatically with thousands of them? Admittedly, the relevant RFCs were written before the spam/virus plague, but there doesn't seem to have been an update to deal with it. All of this out of my sphere, but leaves me wondering if there is _anything_ I can do. end edit. What horrifies me (and I'm sure upsets others in this position) is the thought that probably thousands of emails are bothering innocent people, with my name on them. It's really amazing how many people spammers can annoy, when they put their, um, wits into it. Strange use of resources, however sparse. Thanks for the info above: it really helped to be able to come here and have this thread available. from Clytie <stirring her inbox around cautiously with a stick>
  4. clytie

    SpamCop security breach

    Yes, it's much more of a challenge to build than to destroy: sand castles or dream castles. As long as we can see that Julian (is he the Commissioner of SpamCops? You have to have a Commissioner: someone who looks impressive and can give the media a lot of hogwash, um, statistics ) is trying to do his best, that's all anyone can do. I think more than anything else, most of the posters in this thread were, and certainly I was looking for more information. It's often the way: different audience. However, you still need to present the information in a way the audience can understand. Most likely in too much of a hurry, but at least we can offer. It's particularly useful to have someone proof something for you, because every piece of text needs checking, and that way, providing the meaning is clear in the original, the writer doesn't have to hash it over. Thanks for the response. from Clytie
  5. I have another dumb question, please bear with me if you can. I have discovered that I've been subbed to SpamCop for ages for email, and all I've been doing is forwarding spam from my normal account. I wonder if muddle-headedness is infectious... Stand back! So today I've been exploring my options, reading up, and last of all, configuring the SpamCop webmail, which looks like an excellent tool. However: although I set it to compose messages in Unicode by default, and although it would allow me to use my Unicode Vietnamese keyboard to input text which displayed correctly, when I sent a test email to my "normal" account, the message text arrived as mostly question marks. I use Mail for Mac OSX normally, and it allows me to choose different text encodings, but not to change the default. Normally, when I receive a Unicode mail (and I do a lot of mail in Vietnamese), when I select the Unicode encoding for that message, it then displays properly. It doesn't even start out as question marks, let alone end up that way. This puzzles me, because the content headers were as follows: Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I wonder what I'm doing wrong? I also don't know how to set the default text encoding for incoming messages. I've had a good hunt through the webmail Options, but I can't find that one. Am I missing something? (Yeah, I know, but I mean _in this case_, am I missing something?) I'd really appreciate any advice from someone who also uses Unicode for the webmail, or just from anyone who can advise me. Is there any chance of Vietnamese being added to the webmail languages? Huh, huh? Thanks very much for any responses. ?(Well, you know what I mean.) from Clytie
  6. clytie

    SpamCop security breach

    Thankyou to the Spamcops who have made all this specific information available. It has really helped me to understand what has happened. I'm sure you've taken onboard the parts about this that didn't originally work, and will improve things accordingly, as we all do, with different problems, day by day. If anyone is blaming you for the exploit, that's silly and not useful. I'm sure you did the best you could at the time. All I think most people have been saying, including me, is "I don't really understand what's going on: wouldn't the normal process have been to post information somehow on Spamcop where any user wouid trip over it?" The blame for our confusion and suspicion over the email rests squarely with the spammers who misuse advisory emails. Without such experiences, we would have been able to accept the email, and reply without perceived risk. If you ever want an email or other piece of text proofread for function (the intended effect on the audience), I'm happy to volunteer. Words, I know. Thanks again for your efforts. from Clytie
  7. Ah, thanks. I was having trouble working that one out. It was only a suggestion: you guys know your business best, and thus can come up with an effective warning/news bulletin which will unconfuse Spamcop users, one hopes. I still think something of that nature is necessary. People will look for that first, and, not finding it, be worried over whether the email is spam or not, and thus over whether they can trust _any_ email from Spamcop. from Clytie
  8. clytie

    SpamCop security breach

    I'm still confused, sorry. Is this right? 1. It is a genuine email from Spamcop, however vague and badly-spelt. 2. The people who received it did have their addresses compromised in some way. 3. This was an attempt by Spamcop to explain/communicate/apologize? It's not really very definite information of any kind, AFAI can see, that's one reason why I still feel confused about this. 4. We don't know what the next step is. I am sure the vast majority of users here, and possibly of the global population, are less confused about this than I am: can somebody please clear this up in plain, definite language (and may I suggest, put it somewhere prominent and obvious)? Thanks for replies, I can see you are trying to help, there's just too much cotton wool somewhere in between, quite possibly between my ears. from Clytie
  9. Thankyou for taking the time to answer. I'm sorry, I don't quite understand what you are saying: do you mean that some of what I suggested is already used by spammers? Sorry to be muddled. <blush> from Clytie
  10. clytie

    SpamCop security breach

    I received it, my husband received one at the same time, as did an unused address at his work, our local ISP. I've posted in detail on the email forum, on the "Spamcop sends virus?" thread. Although this spam doesn't ask the user to do anything much that would harm him or her, s/he is invited to reply, and the reply-to addresses are called "bounce" and "harvest", which could or could not be valid. There is a legitimate program called Harvest. It's quite confusing. However, it could well be enough for a spammer to create this level of confusion among Spamcop members, to make us wonder, "Gee, if we can't even trust email from Spamcop..." I gather that Spamcop may be engaged, as is their ongoing battle, in legal action with spammers. This type of email could be an effort to discredit Spamcop by a spammer. Or maybe I'm just too paranoid ... but I've never heard a good answer to: "If I'm paranoid, how come I keep getting spam?" I've posted the whole email, body and headers. below, even though the body was pasted above, it's easier to have it in one place. Hope that's OK. More detailed post in the Email forum, as stated above. Hey, another thing that bugged me: spammers are so often bad or careless spellers: check out the word "appologise" at the beginning of the body! Do we get the extra "p" for free? Thanks for posting here, my husband and I are still trying to work out this email... from Clytie ________________________headers of suspect email pasted below_____________________ From: harvestbug[at]admin.spamcop.net Subject: SpamCop security breach Date: 14 August 2004 9:55:12 AM To: clytie[at]riverland.net.au Return-Path: <harvestbounces[at]admin.spamcop.net> Delivered-To: clytie[at]riverland.net.au Received: (qmail 24879 invoked from network); 14 Aug 2004 00:25:12 -0000 Received: from unknown (HELO vmx1.spamcop.net) (64.74.133.248) by 203.18.28.195 with SMTP; 14 Aug 2004 00:25:12 -0000 Received: from unknown (HELO spamcop.net) (192.168.19.201) by vmx1.spamcop.net with SMTP; 13 Aug 2004 17:25:13 -0700 Precedence: list Message-Id: <wh411d5be8ge847[at]msgid.spamcop.net> X-Mailer: http://www.spamcop.net/ v1.370 Hello SpamCop user (or recipient of SpamCop reports), We appologize for this email, but we felt it was important to let you know of a recent security bug in the SpamCop codebase. This problem was fixed within hours of its discovery, but unfortunately your address was among the very small number that was revealed before we were able to resolve the problem. We want you to know that security remains our highest priority. We are always working to ensure that your account information remains secure. Please accept our sincere appologies for this serious oversight. If you have any questions, comments or concerns you may reply to this email to reach a SpamCop representative. Thank you for your understanding, - SpamCop management
  11. I would strongly recommend that a note about these spams is featured on Spamcop's front page, because not every user is going to penetrate to the forums and read through this thread. The spams look very genuine, no complex data trail, email addresses which appear to belong to this domain, X-mailer Spamcop etc. It's only by examining the headers carefully that you notice that you are invited to reply, if you wish, but that the reply email addresses start with "harvest" and "bounce". However, there is a legitimate program called Harvest. I'm not sure that my husband and I would have worked it out even then, except that not only were both of us "one of the very few addresses compromised" (which might even have made sense, since we registered at the same time) but one of the dead addresses at his work, our ISP, also received one. I don't think most users are going to have that much supplementary information, so I would recommend that there be a note about this on the front page: it's certainly what users expect, if there is a spam out purporting to come from any site, the site says so publicly on the front page, so you can't miss it. I've pasted the message in below, in case there is anything useful in it, or it varies from the 'normal' strain in any way. I hope that's OK. <nervously> I've only just registered for the forum, so I could post this. My husband and I are still trying to work out if this is a spam or not. He says no, I'm more suspicious... Thankyou for reading my post, and for the information you have provided here. At least, reading this thread helped me work out whether I was dealing with a spam or not. Spamcop might like to include in its front-page note something like this: "Spamcop will not send out any emails requiring an email response from you. Any email you do receive from us will ask you to come to our homepage, www.spamcop.net, by typing that address into your browser, or by using a bookmark you made of that site earlier. So any email purporting to come from Spamcop which invites you to reply, or to click on any link in the email, is spam." _________________________entire spam received, including headers____________________ From: harvestbug[at]admin.spamcop.net Subject: SpamCop security breach Date: 14 August 2004 9:55:12 AM To: clytie[at]riverland.net.au Return-Path: <harvestbounces[at]admin.spamcop.net> Delivered-To: clytie[at]riverland.net.au Received: (qmail 24879 invoked from network); 14 Aug 2004 00:25:12 -0000 Received: from unknown (HELO vmx1.spamcop.net) (64.74.133.248) by 203.18.28.195 with SMTP; 14 Aug 2004 00:25:12 -0000 Received: from unknown (HELO spamcop.net) (192.168.19.201) by vmx1.spamcop.net with SMTP; 13 Aug 2004 17:25:13 -0700 Precedence: list Message-Id: <wh411d5be8ge847[at]msgid.spamcop.net> X-Mailer: http://www.spamcop.net/ v1.370 Hello SpamCop user (or recipient of SpamCop reports), We appologize for this email, but we felt it was important to let you know of a recent security bug in the SpamCop codebase. This problem was fixed within hours of its discovery, but unfortunately your address was among the very small number that was revealed before we were able to resolve the problem. We want you to know that security remains our highest priority. We are always working to ensure that your account information remains secure. Please accept our sincere appologies for this serious oversight. If you have any questions, comments or concerns you may reply to this email to reach a SpamCop representative. Thank you for your understanding, - SpamCop management ______________________________end of pasted message___________________________
×