OE6 Secure handling of e-mail
Why Forward won't work
(settings based on the current updates/patched version of Outlook Express 6, running under Windows-98SE)
Outlook Express 6 - all current updates applied
Tools | Options | Security
Checked box - Restricted Zone
(see Note 1).
Checked box - Warn me when other applications ....
Checked box - Do not allow attachments to be saved ....
(see Note 2).
Tools | Options | Receipts
Checked box - Never send a read receipt
Tools | Options | Read
Checked box - Read all messages in Plain Text
(other boxes here at your option)
Tools | Options | Connection
Checked box - Ask before switching dial-up connections
Note 1: You must set Restricted Zone settings under Internet Explorer (IE)
IE | Internet Options | Security
Select Restricted Zones
Click on the Custom Level button
If items are not "Disabled" then at least set them to "Prompt"
(you don't want anything to "run" here .. and setting to "Prompt" usually just means that you will see a pop-up warning like "an ActiveX script wants to access your system .. click yes or no" .... which as you see doesn't tell you anything about what the script is, what part of your system it "wants" ... never mind what it's going to do if you "allow" it to access your system ... a whole lot easier to simply not allow access at all by going with "Disabled")
Note 2: Although great if setting up a "new" user, this is usually more than a bit frustrating to those that are accustomed to "click on the attachment to see what it is" ... which of course, is exactly why this option has been made available <g> This setting can be changed on a case-by-case basis if one absolutely has to handle the attachment, but better would be to view the source of the message first, then handle it however necessary .. copying the 'important stuff' out to a 'new' file, changing this switch setting (and remembering to switch it back when done), or simply deleting the e-mail.
[Example, one of those infamous AOL Fwd: Fwd: Fwd: Fwd type e-mails that will show up as a blank screen in your Preview Panel (if it is turned on) ... When looking at the source of the message, scrolling down 20 or 30 screens full of all those other people's addresses that you've never heard of, only to finally get down to the "real" message and find that it was nothing more than a "mail this to everybody on your Buddy List in the next 30 minutes and your life won't turn to crap!!!!" ... believe me, better to have deleted it at first sight <g>]
OK, now have to ask you to play along with me a bit, as we don't "do graphics" here, so we have to pretend a bit .... Here's a spam I received recently and all that showed in the Preview Panel is the following;
New Page 2NBC CBS & 60 Minutes Put this on national TV
THIS STUFF WORKS!
. . </ht
As you can see, not a lot of stuff there ..
If I was to right-click on the Subject Line in the list (or hit the Forward icon in the Toolbar) .. this is what would show up in the e-mail to be Forwarded;
From: "AMAZING NEW DIET PILL (seen on TV)" <xxxxxxx[at]idirect.ca>
To: <xxxxxx[at]hotmail.com>
Sent: Saturday, January 29, 2005 3:00 PM
Subject: Miracle Pill?
> New Page 2NBC CBS & 60 Minutes Put this on national TV
>
> THIS STUFF WORKS!
>
> . . </ht
Sending this to anyone else (especially the SpamCop parser) will end up with a question about just what you might be trying to accomplish, as there is no detail to show how you received the e-mail, much less identifying where it came from. We need to include the "real" source data of the e-mail to show the actual and full headers .. and in doing that, you might be surprised at what else shows up <g>
Right-click on that Subject Title once again (in the list of e-mails) ... Select "Properties" .... Select "Details" ... Select "Message Source" ... Right-click in that pop-up box, select "Select All" ... right-click again in that now highlighted text area and select "Copy" .... go back to your "e-mail to be forwarded" and right-click in that text area at a good spot (above or below the stuff already in there) and select "Paste" ... When looking at the sample spam I'm using, here's the surprise we were waiting for ... what was really in that e-mail that didn't make it to my screen;
X-Message-Status: n
X-SID-PRA: AMAZING NEW DIET PILL (seen on TV) <xxxxxxx[at]idirect.ca>
X-SID-Result: TempError
X-Message-Info: pC37NJ8+wY3fI16ovlxLdiTS2aoYxJNGJtIxyX4rRvQ=
Received: from cable-68-119-70-205.abr.al.charter.com ([68.119.70.205]) by
mc6-f10.hotmail.com with Microsoft SMTPSVC(6.0.3790.211);
Sat, 29 Jan 2005 13:01:37 -0800
From: "AMAZING NEW DIET PILL (seen on TV)" <xxxxxxx[at]idirect.ca>
To: xxxxxx[at]hotmail.com
Subject: Miracle Pill?
Date: Sat, 29 Jan 2005 13:00:35 -0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--screwystringofmadeupcrapchanged"
Return-Path: somepoorinnocentperson[at]mail.rhein-ruhr.de
Message-ID:
X-OriginalArrivalTime: 29 Jan 2005 21:01:37.0789 (UTC)
FILETIME=[B91972D0:01C50645]
----screwystringofmadeupcrapchanged
Content-Type: text/html;
uasribsfgstychinicasfgllxpdbhrntuxscypoteicrwmpxutrotitasgcasfglefasentkno
wledpefectianmrhtyudlsenijexteeorphasneunrightly
Content-Transfer-Encoding: base64
----screwystringofmadeupcrapchanged--
As you can see, the "real" e-mail was very much different than what was displayed (again noting that I saved you from having to wade through screen after screen of gobbledygook with that big snip in the middle of the base64 encoded crap) ... Now we could talk about why and how all that gobbledygook gets translated into "plain text" .. but that's for another time. We could also talk about how badly this e-mail was "composed" (actually, more like manufactured) looking at details not found (like what e-mail application was in use when this idiot "wrote" the e-mail) ... details missing (like the lack of a second and an ending Boundary line) ... details totally bogus (like the alleged HTML section that is actually nothing more than gibberish [or a bit of tracking data for the paranoid out there]) ... but we won't <g>
Some of the items I'm trying to show here;
- What you 'see' isn't necessarily what that e-mail contains.
- Securely handled, it's not likely that you will get bitten by an e-mail.
- With this data now captured, you can send your complaint .. in the case provided, I sent my complaint (entire spam content, no editing) to webcomplaints[at]ora.fda.gov , spam[at]uce.gov , and abuse[at]charter.net .... (again, decoding of the Base-64 crap to pull out referenced web-sites is for another story <g>)
- Why simply "Forwarding" your OE e-mail to the SpamCop parser doesn't work.
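What the copied "Message Source" gives a complaint desk that a plain Forward does not, shown as an added example (not part of the original page): a short Python script that reads raw source, pulls the relay IP from the Received line, compares the From and Return-Path domains, and decodes the base64 part to list the web-sites it references. The message is a constructed stand-in for the spam above; every host, address, IP and URL in it is a placeholder, and the script assumes the MIME boundaries are well formed.

```python
import base64
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not the spam shown on the page: every host, address,
# IP (192.0.2.45 is a documentation address) and URL is a placeholder.
HTML = '<html><body><a href="http://pills.example/buy?id=123">THIS STUFF WORKS!</a></body></html>'
RAW = (
    "Received: from cable-host.example ([192.0.2.45]) by mx.example.net;\n"
    "\tSat, 29 Jan 2005 13:01:37 -0800\n"
    'From: "AMAZING NEW DIET PILL" <seller@sender.example>\n'
    "To: me@inbox.example\n"
    "Subject: Miracle Pill?\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/alternative; boundary="bnd"\n'
    "Return-Path: bystander@forged.example\n"
    "\n"
    "--bnd\n"
    "Content-Type: text/html\n"
    "Content-Transfer-Encoding: base64\n"
    "\n"
    + base64.encodebytes(HTML.encode()).decode()
    + "--bnd--\n"
)

def domain(header_value):
    """Return the lower-cased domain of the address in a From/Return-Path value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyse(raw):
    msg = message_from_string(raw)
    # The bracketed IP in each Received line is what the receiving server recorded.
    ips = [ip for line in msg.get_all("Received", [])
           for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)]
    urls = []
    for part in msg.walk():
        body = part.get_payload(decode=True)  # undoes base64 / quoted-printable
        if body:  # None for multipart containers
            urls += re.findall(r"https?://[^\s\"'<>]+", body.decode("latin-1"))
    return {"relay_ips": ips,
            "from_domain": domain(msg["From"]),
            "return_path_domain": domain(msg["Return-Path"]),
            "urls": urls}

if __name__ == "__main__":
    for key, value in analyse(RAW).items():
        print(f"{key}: {value}")
```

Run against a Forwarded copy instead of the raw source, the same script comes back empty: the Received line, the Return-Path and the encoded part are simply not there to read.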