Unusual number of spams slipping to the Inbox?

[MyNameHere]

I've noticed a significant number of spams in my Spamcop webmail Inbox in the past couple of weeks.

For me, that means 1-2 per day, up from virtually 0 in the many months previous.

The frequency seems to have gone up in the past few days.

Has anyone else noticed this?

(If there's any interest, I'll post headers of the next one that shows up.)

[DavidT]

Yes, I think I've seen a few more slipping by than usual...but no particular pattern. It's likely that some spammers have moved their transmission activities to some new sources, have done some listwashing, or that SC reporting activities dropped a bit during the Thanksgiving holiday period, thus weakening the SC DNSBL.

Or...I just found another possible explanation...there have been some changes to the SC DNSBL that might account for this...check this announcement:

http://forum.spamcop.net/forums/index.php?showtopic=3016

DT

[Dangerman]

Or...I just found another possible explanation...there have been some changes to the SC DNSBL that might account for this...check this announcement:

http://forum.spamcop.net/forums/index.php?showtopic=3016

DT

20772[/snapback]

Yes, a couple of weeks ago, in response to the announcement of the changes, I posted that I had started seeing a bit more spam slipping through, and it is still happening. As I said at the time, it is still catching 99% of the spam though.

[MyNameHere]

Yes, a couple of weeks ago, in response to the announcement of the changes, I posted that I had started seeing a bit more spam slipping through, and it is still happening.  As I said at the time, it is still catching 99% of the spam though.

20777[/snapback]

Maybe not 99% in my case -- more like 80-90%. But I'm glad to know there's a reason.

Thanks!

[apeikoff]

Maybe not 99% in my case -- more like 80-90%.  But I'm glad to know there's a reason.

Thanks!

20802[/snapback]

In the last night Spamcop caught only 60-80% of the spam. This seems to be getting worse. Are the spammers getting smarter?

Also, I was wondering if reporting spam just incites retaliation by the spammers I report, and/or gives them access to my "unpublished" e-mail address. So, for example, I should stop reporting the spam that makes it through, as the headers will contain my "unpublished" address?

Thoughts?

[Tommy]

Also, I was wondering if reporting spam just incites retaliation by the spammers I report, and/or gives them access to my "unpublished" e-mail address. So, for example, I should stop reporting the spam that makes it through, as the headers will contain my "unpublished" address?

20816[/snapback]

Unless you specificaly tell it not to, Spamcop obscures your address in the headers and where it can find it in the message. The spammers, however, very well might have your address encoded in the message in a fashion known only to them (or even in a way very visible to a person reading the message but that spamcop cannot detect).

So you do potentially open yourself up to retaliation, but with so many other spamcop members making reports, it fortunately doesn't happen every day to any particular individual.

For me, the most frustrating spammer retaliation is getting "joe jobbed," where the spammer forges your address onto the return headers of spam, so you get lots of bounces and a few responses from angry individuals. Spamcop cannot really do anything to prevent or even respond to it, except when the forged spam happens to hit other spamcop members and they report it. The only real remedy is to change your email address.

So far I've been joe jobbed twice, and it makes it hard to work, but fortunately in both cases it stopped after just under a week. I did have to explain to my family members that the enlargement spam did NOT actually come from me.

[turetzsr]

<snip>

For me, the most frustrating spammer retaliation is getting "joe jobbed," where the spammer forges your address onto the return headers of spam, so you get lots of bounces and a few responses from angry individuals. Spamcop cannot really do anything to prevent or even respond to it, except when the forged spam happens to hit other spamcop members and they report it. The only real remedy is to change your email address.

So far I've been joe jobbed twice, and it makes it hard to work, but fortunately in both cases it stopped after just under a week. I did have to explain to my family members that the enlargement spam did NOT actually come from me.

20906[/snapback]

...IIUC, you are not using the term "joe jobbed" correctly. Please see the first sentence in Wazoo's reply in thread "I'm not here to rant. Your help is appreciated.".

[Tommy]

...IIUC, you are not using the term "joe jobbed" correctly.  Please see the first sentence in Wazoo's reply in thread "I'm not here to rant. Your help is appreciated.".

20981[/snapback]

Thank you for the link. Of course I may never know whether the intent was to defame me, but since I was receiving thousands of BOUNCES per day (out of who knows how many successful deliveries) it seemed more than just the random choice of email address. Because I had been using SpamCop to report some fraction of my spam I presumed it was retaliation.

SO I contend that my usage of the term could reasonably be considered "correct," though of course your sources and mine may differ. I say let THEM duke it out! :-)

On the other hand, I have ABSOLUTELY no idea what "IIUC" means but that probably just means I'm not 733T or something. (I've never learned what 733T means, either.)

[Wazoo]

IIUC = If I Understand Correctly

733T = LEET / short for Elite

JoeJob definition - You can define it however you want, but applying your definition in a conversation within earshot of others doesn't really help, other than furthering the misunderstanding of others, thus helping the spread of the wrong terminology .... Coincidentally, I just answered a PM from someone else upset about her use of the word "spoof" and the lack of "found" items in a search "here" for further data on that issue. What was actually being discussed was your same issue, the forging of an e-mail address .. and I did attempt to explain that the "normal" definition of "spoof" actually dealt with the identification and/or IP address of a connecting system/packet of traffic.

In both cases, actual and correct term should be "forged e-mail address" rather than the mis-applied term of JoeJob or Spoof ... Problem being that the "technical/correct" answer to a query using each those terms is very different.

[Wazoo]

Received via PM, posting it here without attribution, minimal editing;

Howdy -- I'm taking the debate off the board -- apparently I have a rant brewing here.

No rant that I know of, but it is getting a bit off-Topic ... perhaps a move to the Lounge will be next ... Tje critical thing here is that I don't need the "private" thing going on about something that should be kept public, again, trying to get folks to use the "right" terms when describing their issues.

I apparently do not understand the distinction y'all are making between a "Joe Job" and mere "forged email"-- it seems to me that the distinction must rest upon the quantity and whether an address seems to be targeted intentionally.

I thought I'd made it much more clearer than that ... the "simple" action of "borrowing" your e-mail address for a spam run is a long way from the actual definition of a JoeJob.

Of course, for folks who deal with these things all the time, two to ten thousand bounces per day on a single address for six days may not count as a Joe Job, but compared to the usual volume of spam I receive (across several addresses and domains) it sure seemed intentional and targeted.

It's more like "your turn in the barrel" .. sorry. I've had more than my share of time there, so it's not as if I don't have any idea what you've gone through.

You must be encouraging the use of the term "forged email" mainly because it's less sensational. I will concede that...

Again, I thought I made it clearer than that. If you want a correct technical answer to a question, the terminology needs to be correct. The forged address situation is pretty much a lost cause as far as doing much beyond trying to get the spew turned off, but you'll probably note/find that your forged address spam spew is being sourced from all over the world ....

An actual JoeJob stands a better chance of getting legal action taken, as there are known legal precedents for that kind of stuff.

If you can point me to a source that makes the distinction clearly, I would appreciate knowing about it.

I have listed sites before on this. That data already exists 'here' .. maybe I'll get back and do the search for you, but .. Google is out there somewhere ....

And if the distinction is a sore point, is there a FAQ entry (rather than a pointer to a forum thread that points to another thread that points to two web sites...)? I realize you are a volunteer and not paid so I would be happy to help compose one as soon as I understand it.

OK, so you've already followed some of that previously provided data and aren't happy with that. OK. Off the top of my head, I thought I had a FAQ entry in place, apparently not ... I'd mentioned in a PM to someone else earlier today that perhaps another enry needs to be made to the Glossary I started 'here' ... and as the issue is still being discuseed, I guess it's time I get cracking on that ...

Thanks for noting the volunteer status (of almost all the folks here) ... that's something that escapes most folks' attention.

The "bad thing" going on here .. war story time .. one guy would pick up the latest "PC" magazine at lunch hour, come back with a question using those words that he'd just picked up from flipping pages in the magazine. I'm sitting there thinking that if he's using those words, he must know what he's talking about, so I answer "at that level" of expertise. A half-hour later, I'm out trying to clean up the mess caused by this guy's attempt at "experimenting" with what he read, what he thought I'd said, what he "knew", what he though he understood, and guessing at the rest ....

So basically, here's the difference in a nutshell;

JoeJob ... go talk to your lawyer

spoofed ... go talk to your System Administrators / Technical Support folks

forged e-mail ... ride it out, reporting what you can to shut some compromised systems down

[StevenUnderwood]

JoeJob ... go talk to your lawyer

spoofed ... go talk to your System Administrators / Technical Support folks

forged e-mail ... ride it out, reporting what you can to shut some compromised systems down

A JoeJob would forge the sender as Joe[at]example.com and usually have some sort of message indicating example.com as the sender as well (advertizing their web site).

Usually, a JoeJob is trying to discredit a website or company by making it look like spam is being sent by that company. It used to be all that would be done is to forge the sender address but that was quickly noticed so now they tend to include forged headers as well. The person doing this is generally trying to get spam reporters to complain to the victims ISP and get him removed from the internet. No reporter with any knowledge will report based on a forged sender address.

Simple forged headers are just to throw the clueless off base because every valid server requires a "mail from:" as the first line to send any message.

[Tommy]

JoeJob ... go talk to your lawyer

spoofed ... go talk to your System Administrators / Technical Support folks

forged e-mail ... ride it out, reporting what you can to shut some compromised systems down

A JoeJob would forge the sender as Joe[at]example.com and usually have some sort of message indicating example.com as the sender as well (advertizing their web site).

Usually, a JoeJob is trying to discredit a website or company by making it look like spam is being sent by that company.

21000[/snapback]

Ah... OK, I think I understand now. Please forgive the cluelessness -- since y'all deal with this a lot more than I do, in this case I am closer to the guy reading the PC magazine than the expert, even though I have been spoofing my own email for years. ;-)

Unfortunately I think the distinction might be difficult for a typical victim to make. Even after following links that seem clear to others here, I was looking for something like volume of mail, and kept thinking I was seeing support for it. To make it even more confusing, the term "forged email" could be interpreted to apply to the other situations too.

It's been a long time since I read the original Joe's articles (and they don't top the list in Google anymore). A purist will be quite disappointed in THIS highly-Google-rated article:

http://www.g4techtv.com/techtvvault/featur...he_Joe_Job.html

However, THIS entry makes the distinction more clearly:

http://www.everything2.com/index.pl?node=Joe%20Job

Not every site agrees. SO I think in the long run it may be impossible to use the more restrictive "Joe Job" in the vernacular. Maybe we need to coin a latin phrase.

[Wazoo]

From http://www.tranexp.com:2000/InterTran?url=...from=eng&to=ltt

forged From address <=> subpono Ex oratio

This doesn't look right to me, but ... it's been years since my Latin days <g>

[Jeff G.]

"imaddressed spam", with impersonated from address?

[btech]

I've noticed that 1 or 2 slip through, but it seems to me that they're doing so because the spammer is sending from a seemingly real email address to my old attbi account, as part of a list of attbi members (God, do I wish I could find out what jackass sold/stole/published the list of old attbi accounts for spammers to use). The email that slip through are very close to real email and aren't the jibberish that most are.