
How does a spammer know I reported him?


Jeff G.


My incoming spam in my Yahoo email account suddenly increased exponentially about three weeks ago. I've been reporting every spam, and now I'm getting two to three dozen bounces a day! I assume this is payback for reporting the spam, but just how does a spammer know I reported him?

There are a variety of ways for a spammer to know your address from a SpamCop Report, or from your having read the spam.

As John Malmberg would write:

Some people think they are hash busters that are changed with each mailing to confuse content filters. Others think that they may be encoded identifiers to identify and retaliate or listwash spam reporters.

But this esteemed publication has uncovered the truth:

http://www.theregister.co.uk/content/28/34840.html

Also, Wazoo had a very germane response in a different Topic: http://forum.spamcop.net/forums/index.php?...findpost&p=1839

I don't report the bounces, but I read somewhere on the forum that the parsing portion of the report can be saved for my own reports. Just which part is the parsing? Is that the long litany of ISP addresses from which I'd try to glean the origination point (using ARIN or WHOIS, e.g.)?

If the bouncing ISP sends you the headers from the original spam, you can parse just those headers and use the reportee addresses which SpamCop figures out to address your manual report.


gads, how'd you pull that one out of the hat? ... I can hardly remember typing it up <g>

It's a corollary to the now old "Google is your friend" adage that reads "SpamCop Forums Search is your friend". :)


There are a variety of ways for a spammer to know your address from a SpamCop Report, or from your having read the spam.

I was shocked to be told a couple of months ago that simply opening a piece of spam was enough to let the spammer know your account is active. (It works by including a unique ID picture which is helpfully downloaded by your mail service provider, or in the preview pane, when you open your HTML-format mail).

The answer to this one is to use a POP3 email system BUT to read your email off-line. Yahoo will let you forward to POP3 in return for allowing a weekly eMail (check the Help as it is a three part process, including changing your Yahoo Account settings to switch to POP3).

In terms of reporting these via SpamCop, I assume you would need to carefully copy the source text of the eMail (again, off-line) and munge out the tracking IDs.

now I'm getting two to three dozen bounces a day

The bounces you are getting may be due to the Novarg virus doing the rounds that may have infected the machine of one of your contacts. It picks up their address book and uses a name from that address book as the forged From and Reply to addresses. See http://securityresponse.symantec.com/avcen...ovarg.a[at]mm.html

For example, on 27 Jan I was puzzled to receive a bounce from Yale university with my name as the source. However, using the email header reader at http://www.spamid.net/ I found it originated at another institution for whom I only have one contact. I reported this immediately to them and their postmaster and, yes, she did have an infected machine.


Yahoo will let you forward to POP3 in return for allowing a weekly eMail

To my recollection, this free POP account was killed off a couple of years ago ... just checked and see under Mail Options;

Forward your email or download your Yahoo! messages to your POP3 mail client for only $19.99/year.

(It works by including a unique ID picture which is helpfully downloaded by your mail service provider, or in the preview pane

not necessarily a picture, it could be any "tagged" URL

when you open your html format mail).

The actual problem here is really your "HTML friendly e-mail application" ... for example, Outlook Express, one of those apps that folks like to bad-mouth, version 6 SP1 does offer a "read all as Plain Text", which solves the HTML calls. Yet another checkbox solves the problem of users blindly clicking on the fale attachment icon, so they can't run it, save it, or otherwise manipulate it.

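The "unique ID picture" and "any tagged URL" mechanism discussed in the two posts above, as an added example that is not part of the original thread: a Python sketch that lists the remote URLs in an HTML mail which carry a per-recipient tag and blanks those tags before the source is shared. The sample message, the host names and the rule that a run of 12 or more hex characters is a tag are all assumptions made for the illustration.

```python
import email, re
from email import policy
from html.parser import HTMLParser

# Constructed sample message (hosts and IDs are made up, not from a real spam).
SAMPLE = """\
From: offers@bulk.example
To: reader@mine.example
Subject: Special offer
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>Deals! <a href="http://shop.example/unsub?u=8f3a9c21d4e7b605">unsubscribe</a></p>
<img src="http://img.example/open.gif?id=8f3a9c21d4e7b605" width="1" height="1">
<img src="http://img.example/logo.gif">
</body></html>
"""

URL_ATTRS = {"src", "href", "background"}   # attributes that can point at a remote host
TOKEN = re.compile(r"[0-9a-fA-F]{12,}")     # assumption: long hex run = per-recipient tag

class RemoteRefs(HTMLParser):
    """Collect (tag, url) for every attribute holding an http(s) URL."""
    def __init__(self):
        super().__init__()
        self.refs = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and (value or "").lower().startswith(("http://", "https://")):
                self.refs.append((tag, value))

def tagged_urls(raw):
    """Return remote URLs in the HTML body that carry a token-like string."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    parser = RemoteRefs()
    parser.feed(body.get_content() if body else "")
    return [(tag, url) for tag, url in parser.refs if TOKEN.search(url)]

def munge(raw):
    """Overwrite each token with x's of equal length before the source is shared."""
    for _, url in tagged_urls(raw):
        for token in TOKEN.findall(url):
            raw = raw.replace(token, "x" * len(token))
    return raw
```

Both the image and the unsubscribe link are flagged, while the untagged logo is not, which matches the point that the tag does not have to sit on a picture.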

I don't report the bounces, but I read somewhere on the forum that the parsing portion of the report can be saved for my own reports. Just which part is the parsing? Is that the long litany of ISP addresses from which I'd try to glean the origination point (using ARIN or WHOIS, e.g.)?

If the bouncing ISP sends you the headers from the original spam, you can parse just those headers and use the reportee addresses which SpamCop figures out to address your manual report.

I just want to note that one should not assume the full headers contained in a bounce have any validity. They could be complete fabrications. The headers of the bounce MUST be taken into consideration. The "source" of the bounce could be the actual source of a spam disguised as a bounce.

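The caveat in the post above, as an added example that is not part of the original thread: a Python sketch that keeps the bounce's own headers apart from the headers enclosed in it, so the enclosed ones are treated as claims only. The bounce text, the addresses and the dictionary key names are constructed for the illustration.

```python
import email, re
from email import policy

# Constructed bounce (documentation IPs, example domains; not a real message).
BOUNCE = """\
Received: from mail.sender.example ([203.0.113.7]) by mx.mine.example; Tue, 2 Mar 2004 10:00:00 +0000
From: MAILER-DAEMON@sender.example
Subject: Undeliverable mail
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Your message could not be delivered.
--b1
Content-Type: text/rfc822-headers

Received: from [198.51.100.23] by relay.other.example; Tue, 2 Mar 2004 09:59:00 +0000
From: me@mine.example
Subject: Special offer
--b1--
"""

IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def first_ip(line):
    m = IP.search(line or "")
    return m.group(1) if m else None

def enclosed_headers(msg):
    """Headers of the 'original' mail as quoted inside the bounce, or None."""
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_content()
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def bounce_evidence(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    inner = enclosed_headers(msg)
    outer_recv = msg.get_all("Received", [])
    inner_recv = inner.get_all("Received", []) if inner else []
    return {  # top outer line was stamped by my own MX; enclosed lines are only claims
        "bounce_handed_over_by": first_ip(outer_recv[0] if outer_recv else ""),
        "enclosed_claimed_origin": first_ip(inner_recv[-1] if inner_recv else ""),
    }
```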

To my recollection, this free POP account was killed off a couple of years ago ... just checked and see under Mail Options;

:huh: There's me thinking I only just set it up a couple of months ago and for a friend last Monday... :)

Look under Help -> "POP Access and Forwarding" -> {email system of your PC} for parts 1 & 2 (Add & Authentication). Then back a page and "Errors Receiving Mail (POP) " -> "subscription to Yahoo Delivers" and "POP access option" to accept a small weekly mail (I've yet to receive one!) on the topic of your choice and configure your Yahoo account to auto-forward. Of course I could pay for it, & skip the email, but I'm a bit skint this year!


You sure have me at a loss. What you describe is what I recall from a long time ago, and even had the free POP access. However, I tried and tried to follow your step by step, and I can't get to a "sign up for Yahoo Delivers" page anywhere ... the closest I can get is to "sign up for Pop and Forwarding", with the next page asking for how they're going to get their money. My search was done while under one of my existing accounts, noting that your frame of reference was "recently set the accounts up" .... not excited about trying the new account route right now, and am thinking that you'd just gone through the path under your account to offer up the instructions .. I'm baffled ...


I can't get to a "sign up for Yahoo Delivers" page anywhere ...

I have had my Yahoo (UK) account for over 3 years, but her account was a new one set up from scratch.

If you are using UK Yahoo, (and either you are US based or you keep worse hours online than me!) I cannot explain the differences in the Help text displayed...

From web mail inbox, click on help. Get the following displayed:

Using My Account

Address Book

Sending Mail

Receiving Mail

External Mail Configuration

Managing Messages

POP Access and Forwarding

Click on POP Access and Forwarding and get:

POP Configurations

Microsoft Outlook 98, 2000, and 2002

Outlook Express (IE 5)

Netscape Messenger 4 and higher

Eudora 5.1 or higher

Other Email Client

HTML Compatibility

How can I use Spamguard if I use a POP3 client?

POP Problems

Errors Sending Mail (SMTP)

Errors Receiving Mail (POP)

Click on Outlook Express and follow the instructions, then go back and click on Errors Receiving Mail (POP) containing:

Subscription to Yahoo! Delivers

You must subscribe to the Yahoo! Delivers service for POP access through your email client.

POP Access Option

Have you selected the option for POP access on the Mail Delivery Status page? To find out if you have, click on "Options" on the left-hand navigation bar in Yahoo! Mail, and then on POP Access & Forwarding. Make sure to click "Submit" when you're done. Please note, you won't receive POP access if you've selected the "Forwarding" option. These are separate features that can't be used at the same time.

Yahoo! Delivers shortcut is http://subscribe.yahoo.com/deliver?.src=ym

and Pop Access and Forwarding is http://edit.europe.yahoo.com/config/set_popfwd

{Previews Post} :( Urgh, lots of typos to correct - my system is running like jelly as I have just had to update my antivirus and do a full system scan thanks to a spammer in the Cayman islands - the only reason I can think of someone there having my mailing address - sending me not one, but two copies of mydoom.f


Apparently, that is not available in the US...

In my US based Yahoo account, that option is under

Yahoo! Mail Premium Services

Mail Plus

Personal Address

POP Access and Forwarding

Extra Storage

Billing

And to sign up:

POP Access and Forwarding

• Use Outlook™, Eudora™, or another POP3 client to access and manage your Yahoo! Mail.

• Automatically forward your Yahoo! Mail to another email account - even another Yahoo! address.

• Send larger messages, up to 5MB

• Only $19.99/year*.


Archived

This topic is now archived and is closed to further replies.
