corvette6769

New Spam Trick?


I have my own domain names. One thing I did several years ago to fight spam was to give everyone a different email address for me so that I would know who to blame if I started getting spam. (i.e. I would give Microsoft Microsoft[at]MyDomainName.com, Yahoo Yahoo[at]MyDomainName.com, eBay ebay[at]MyDomainName.com and etc.) This worked fine for many years as all the emails would be delivered to my Catch-All email address and if one did end up on a spam list, I could go and change it to something else and blackhole the old name.

Problem is that all of a sudden, I have started getting tons of spam addressed to made-up email addresses (that I did not create) flooding my catch-all. Apparently they have loaded a list of common surnames into their spam program that now sends 100's of emails to *****[at]MyDomainName.com daily.

Any ideas how to combat this?


Yes...turn off the catch all and turn on the specific addresses you have in use. More work, I know, but spammers have ruined the trust we used to have in the SMTP system.

While this may be recent for you, many of us have been dealing with this problem for several years now.

> I have my own domain names. One thing I did several years ago to fight spam was to give everyone a different email address for me so that I would know who to blame if I started getting spam. (i.e. I would give Microsoft Microsoft[at]MyDomainName.com, Yahoo Yahoo[at]MyDomainName.com, eBay ebay[at]MyDomainName.com and etc.) This worked fine for many years as all the emails would be delivered to my Catch-All email address and if one did end up on a spam list, I could go and change it to something else and blackhole the old name.
>
> Problem is that all of a sudden, I have started getting tons of spam addressed to made-up email addresses (that I did not create) flooding my catch-all. Apparently they have loaded a list of common surnames into their spam program that now sends 100's of emails to *****[at]MyDomainName.com daily.
>
> Any ideas how to combat this?

Yeah one of my domains is getting over 6000 spams a day that way. It started at about 200 and worked up to 6000 in a few weeks. I have the email addresses that I actually want to see mail from forwarded elsewhere now.


Yes, I turned off all catchall addy's for our domains a couple years ago. You could just make all the individual email names an Alias of 1 specific email addy, that way you only have to check one email account and you can still see which one they were delivered to or just have them all forwarded to one address.


What happens to the less fortunate of us that do not have the ability to turn off such a feature? I get a lot of spam to made-up e-mail names, and was not able to convince my own abuse desk that it was happening.


Are these email addresses to your university address (in which case your email address is in the bcc) or to your domain address (IIRC, you mentioned a domain sometime)?

If it is to your domain, then perhaps you need to get a more responsive host. If the university is your host, then if you are using the spamcop email to filter your email, you could whitelist the address that is published on your domain as the contact address (or any others that you create and use) and send everything else to held mail, I would think. You might be able to figure out a way to do that in your email application if you don't use spamcop email service.

Someone else may be able to be more specific in how to use filters.

Miss Betsy

> Yes...turn off the catch all and turn on the specific addresses you have in use. More work, I know, but spammers have ruined the trust we used to have in the SMTP system.

This is really the best solution. I went through it earlier this year, and it's a painful process if you've given out dozens (or hundreds) of the customized addresses, but it's worth it, IMO.

Interestingly enough, I've received worm-infected emails at the addresses that I made up for both the Bank of America and for Bank One, but hadn't given out anywhere else. In both cases, the infections came from PC's belonging to the third-party partners hired by each of the banks to handle the email aspects of their online portals. In both cases, the worms spoofed the addresses of other bank customers into the "From" of the infected messages...I verified this by contacting the other innocent victims. I also yelled very loudly at both banks and their incompetent partners (it helps to have a B of A V.P. in one's family).

DT

Edited by DavidT


Turn off the catch-all address. The spammers love those. Then each need a custom email address tailored to one company (like spamfrommicrosoft [at] whatever.com).

Or, in advance create a bunch of email addresses and make a journal of who you assign them to:

spam01 [at]whatever.com

spam02 [at]whatever.com

Etc.

You could create them say in batches of twenty, then use them and keep track of who they were used for.

Some folks use the alphabet:

boba[at]

bobb[at]

bobc[at]

bobd[at]

bobe[at]

Etc.

That way any bob stuff is spam.

> Yes...turn off the catch all and turn on the specific addresses you have in use. More work, I know, but spammers have ruined the trust we used to have in the SMTP system.

I was afraid of that. My problem is that I have no way of remembering all of the hundreds of email addresses I have given out over the years through the normal course of business, not to mention every online form I have filled out.

> I was afraid of that. My problem is that I have no way of remembering all of the hundreds of email addresses I have given out over the years through the normal course of business, not to mention every online form I have filled out.

Blow $30 on a SpamCop filtered email account and send everything through that?

> /snip
>
> Someone else may be able to be more specific in how to use filters.
>
> Miss Betsy

The filters are not a problem, my ISPs have implemented them and they do protect me from viruses, etc. They have done that after continued pressure from people such as me, who take the extra time to complain. The problem is that a university's helpdesk is run by students, there on a part-time basis and unwilling to deal with problems in a helpful and positive way. If I get anything from them, it is suggestions for actions I have already taken, and not solutions to existing problems. In fact they were the first to point me to SpamCop; when I tell them that my reporting does no good to me unless they actually implement the SC-block, they tell me not to report to SC. This is one example of many that when put together would make a good parody for how not to run a helpdesk. Amusing at times, but extremely frustrating to me.

> The filters are not a problem, my ISPs have implemented them and they do protect me from viruses, etc. They have done that after continued pressure from people such as me, who take the extra time to complain. The problem is that a university's helpdesk is run by students, there on a part-time basis and unwilling to deal with problems in a helpful and positive way. If I get anything from them, it is suggestions for actions I have already taken, and not solutions to existing problems. In fact they were the first to point me to SpamCop; when I tell them that my reporting does no good to me unless they actually implement the SC-block, they tell me not to report to SC. This is one example of many that when put together would make a good parody for how not to run a helpdesk. Amusing at times, but extremely frustrating to me.

You do not have to use only the university filters. As someone else said, blow $30 and get a spamcop email account. Or I think Mailwasher is said to filter based on blocklists. I don't know how you feel about Mailwasher and its 'bounce' feature (which, in spite of repeated complaints from people who receive the bounces, they continue to advertise as a way to 'reply' to spammers).

And there are ways to set up filters of your own in most email applications. It is not always easy to do which is why I said that someone else might give advice in that direction.

Or if it is a domain, then perhaps blowing the money on another domain where you can set it up properly to start with.

Miss Betsy


Start paying attention to what email is important. Take notice of who it is addressed to.

Then create some new spamtrap aliases.

Then re-assign the good mail to a new spamtrap.

Now turn off the default mail drop.

The bad ones will wither due to bounces.

Start keeping track of who you assign spamtrap email addresses to.

It will take some time but you should be able to fix a few a week and get back on track slowly.

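One way to do the "take notice of who it is addressed to" step from the post above when the addresses handed out over the years were never written down. This is an added example, not code from anyone in the thread. It assumes Postfix-style logs where the address the sender used appears in orig_to=; the domain, the mailbox name "me", the sample log lines and the sender-matches-tag heuristic are all constructed for illustration.

```python
import re
from collections import defaultdict

DOMAIN = "mydomainname.example"   # placeholder for the poster's domain
MAILBOX = "me"                    # hypothetical real mailbox the aliases point at

# Constructed Postfix-style log lines (not from the thread). With a catch-all,
# the address the sender actually typed is recorded in orig_to=.
SAMPLE_LOG = """\
Mar  3 10:15:01 mx postfix/qmgr[811]: 4F1A2B3C4D: from=<billing@ebay.com>, size=2048, nrcpt=1 (queue active)
Mar  3 10:15:02 mx postfix/local[822]: 4F1A2B3C4D: to=<catchall@mydomainname.example>, orig_to=<ebay@mydomainname.example>, relay=local, status=sent
Mar  3 10:16:10 mx postfix/qmgr[811]: 5A6B7C8D9E: from=<x91@bulk-offers.example>, size=900, nrcpt=1 (queue active)
Mar  3 10:16:11 mx postfix/local[822]: 5A6B7C8D9E: to=<catchall@mydomainname.example>, orig_to=<smith@mydomainname.example>, relay=local, status=sent
Mar  3 10:17:30 mx postfix/qmgr[811]: 6B7C8D9E0F: from=<news@email.microsoft.com>, size=5120, nrcpt=1 (queue active)
Mar  3 10:17:31 mx postfix/local[822]: 6B7C8D9E0F: to=<catchall@mydomainname.example>, orig_to=<Microsoft@mydomainname.example>, relay=local, status=sent
Mar  3 10:18:40 mx postfix/qmgr[811]: 7C8D9E0F1A: from=<q7@bulk-offers.example>, size=910, nrcpt=1 (queue active)
Mar  3 10:18:41 mx postfix/local[822]: 7C8D9E0F1A: to=<catchall@mydomainname.example>, orig_to=<jones@mydomainname.example>, relay=local, status=sent
Mar  3 10:19:50 mx postfix/qmgr[811]: 8D9E0F1A2B: from=<win@bulk-offers.example>, size=870, nrcpt=1 (queue active)
Mar  3 10:19:51 mx postfix/local[822]: 8D9E0F1A2B: to=<catchall@mydomainname.example>, orig_to=<ebay@mydomainname.example>, relay=local, status=sent
"""

FROM_RE = re.compile(r"(\w+): from=<([^>]*)>")
TO_RE = re.compile(r"(\w+): to=<[^>]*>, orig_to=<([^>]+)>")

def sort_recipients(log_text, domain=DOMAIN):
    """Return (keep, review): local-parts whose sender matches the tag, and the rest."""
    sender_domain = {}               # queue id -> sender's domain
    senders_for = defaultdict(set)   # local-part -> sender domains seen
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            sender_domain[m.group(1)] = m.group(2).rpartition("@")[2].lower()
            continue
        m = TO_RE.search(line)
        if m:
            local, _, dom = m.group(2).lower().partition("@")
            if dom == domain:
                senders_for[local].add(sender_domain.get(m.group(1), ""))
    keep, review = [], []
    for local, doms in sorted(senders_for.items()):
        # Heuristic (assumption): ebay@ is a real tagged address if some sender's
        # domain carries "ebay" as a label, ignoring the TLD.
        tagged = any(local in d.split(".")[:-1] for d in doms)
        (keep if tagged else review).append(local)
    return keep, review

def alias_lines(keep, mailbox=MAILBOX):
    """Explicit alias-file entries to put in place before the catch-all is turned off."""
    return [f"{local}: {mailbox}" for local in keep]
```

Anything in the review list still needs a human look before it is rejected, since an address given to a person rather than a company will not match the heuristic.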

We have our own server and my husband frequently checks the logs regarding incoming and outgoing mail, including bounces and rejected mail. He's discovered that spammers will apparently just "guess" at names and send blindly to "randomname"[at]domain so we had to turn off the usual acceptance of "username [at] domain". Kind of a pain, really, as we now have to specifically set up each and every email address in the mail alias file, but the spammers always make everything more difficult and more annoying in their ever-growing quest for ways to pour their crap into people's inboxes. *sigh*

They also, for what it's worth, send mail to "common" names like "service", "webmaster", "sales", "info", "support" and so forth. None of my many domains has those set up, although of course "postmaster" and "root" will work for all of them (for some reason, the spammers seem somewhat hesitant to use those, not sure why).

bonni


Treat the aliases invented by the spammers as spamtraps. Explicitly alias them into a new account explicitly set up for spam reporting. For the aliases you are sure would only be used by spammers, set up a procmail script on the server to automatically QuickReport them to spamcop. You can archive them on the server, but you don't have to even see them in your mail client. Then let them spam themselves into oblivion. You can elaborate on this in different ways with white lists, automatic forwarding of subcategories to spamcop for confirmed reporting, etc.


I still believe part of this spamming thing is a challenge and response thing.

They are testing our response, and once they have us conditioned they are going to bring the Internet to its knees by clogging the Internet by exploiting our conditioned response.

Setting up automatic spam reply defensive measures sounds like a way for the bad guys to really clog up the Internet. They will only have to do half the work and the self-inflicted drones will finish us off.

The majority of the spammers are mindless greedy idiot hemorrhoids, but there are some sinister ones out there that are setting us up for the big takedown.

The next domestic terrorist act may be taking the Internet down by spam.

Be careful about jacking around with automated spam setups. And, be careful how you react to any spam.

The virus writers did the challenge/response thing. They set us up with sasser1 through sasser9 then they went in for the kill with sasser10.

The spammers will be right on their coattails once they figure out a spam that will exploit our response or lack of response to clog the Internet.

And, no I'm not a paranoid right-winged fart sniffer :) I yam just your garden variety futurist and mind reader :)

Edited by flagginator

> /snip
>
> And, no I'm not a paranoid right-winged fart sniffer :) I yam just your garden variety futurist and mind reader :)

Very colorfully stated, I share your concerns myself! I so often stated that spammers do things pre-emptively, and based on our anti-spam community's actions. I don't think this scum of the earth, with a criminal mind-set that permeates all spammers' actions, can be underestimated. In fact, I very much hope they will read this statement.

Edited by dra007


Does that mean you don't think that spam should be reported? This isn't a game; they are criminals. The laws against them are inadequate, so for now all we can do is report their activities to black list their sources or get their ISP's to shut them down.


I think what flagginator means is that once the sinister spammers think there are enough reporters, that they will completely flood the reporters with spam and between the spam *and* the reports email will be completely saturated and unusable.

Although there are a few people who are really making money selling things by spam, IMHO, the bulk of spam is being sent by the suckers who are taken in by the con that spamming will make you rich. They use the spamming software and 'products' supplied a few times and get no sales so they stop doing it. IMHO, that's why spam increases on the weekends.

However, IMHO, there are the 'sinister' ones referred to by flagginator who are not interested in /selling/ anything, but in getting around the filters and like the virus writers, just want to see how much mischief they can create.

Different methods of stopping them would work for different reasons to spam.

Miss Betsy


Both our response and our type of response count as a response to their challenge.

We need to be prudent in how we respond to spam. The response of some is to forward it to everybody under the sun; others do auto-reporting; some don't report at all; some submit spam but don't report it.

All these response tactics are being sized up by the bad guys and they will set us up for the big kill one of these years.

I do not know the workaround other than to call it like you see it and don't under or over report/submit.
