Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by elind

  1. elind

    MailWasher Pro

    I see the problem, for some. However it still seems to me that 90+% of spam can be quickly and easily identified from subject or send address (garbled name or otherwise) and the balance forwarded with or without whitelisting. I also thought that in most cases it's to everyone's advantage if all hijacked PCs are reported consistently. If a real email is missed, won't the sender receive a notification to that effect, and they can then correct and resend if it was important? Sure it's inconvenient, but it's already inconvenient.
  2. How else can I validate it other than saying I will accept any message from merlyn <at> verizon.net, for example? True, I could still get a message with that address forged, and spammers would have short success spurt if they could sent everyone spam appearing to come from someone in their own address book, but that is not very likely is it? I will tell them to check their PCs.
  3. I have several times found a valid email in the held spam list, even though that email had passed through only days before without first having been whitelisted. In this latest case, from a name [at]bankofamerica.com which is unlikely to have suddenly been added to a spam list. Why is this? Thanks
  4. 1: I whitelisted AFTER noticing this issue. They are now whitelisted, but would otherwise still be held. I don't think I said the address was whitelisted initially, but if I did I am sorry and meant to say that the address has not been held before, in other communications. 2: Why would you not simply take my word for the fact that the messages were real and recognized communications from the senders shown? 3: I don't know what the specifics of the messages have to do with it, but if you are curious, I have business with BofA and communicate with a VP who travels a lot and I would guess connects from many locations, perhaps including home. I will ask. 4: In the latter case, if it's not via a VPN, perhaps only the connection at that time is on the blacklist? If this is a dynamically allocated IP, how does one know that it won't be used by another person tomorrow?
  5. No, both messages came from known senders and were valid communications, but could their machines be compromised without their knowledge then? Perhaps the BofA message was sent from the senders home PC instead of the office? Should I advise them?
  6. Hi, I just received another email from a known sender, (name[at]verizon.net) that has passed through filtering before. I have now whitelisted it, but if the following info says anything about why it was held I'd appreciate knowing. Surely verizon.net can't be blocked completely? Thanks X-IronPort-AV: i="3.88,148,1102309200"; d="scan'208,217"; a="170511159:sNHT65860592" X-Authentication-Info: Submitted using SMTP AUTH at out007.verizon.net from [] at Mon, 24 Jan 2005 10:21:23 -0600 X-Virus-Scanned: Symantec AntiVirus Scan Engine X-Virus-Scanned: Symantec AntiVirus Scan Engine X-spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on blade5 X-spam-Level: X-spam-Status: hits=0.0 tests=HTML_MESSAGE version=3.0.0 X-SpamCop-Checked: X-SpamCop-Disposition: Blocked dnsbl.sorbs.net Also, sorry for not replying to your question above, regarding my first query. I missed seeing your reply. Here are the lines for that message. X-IronPort-AV: i="3.88,136,1102309200"; d="scan'208,217"; a="166938366:sNHT83361340" X-MS-Has-Attach: X-MS-TNEF-Correlator: X-spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on blade4 X-spam-Level: X-spam-Status: hits=0.4 tests=BAD_CREDIT,HTML_90_100,HTML_MESSAGE version=3.0.0 X-SpamCop-Checked: X-SpamCop-Disposition: Blocked bl.spamcop.net X-Virus-Scanned: Symantec AntiVirus Scan Engine
  7. I've browsed trying to find answer to a few minor questions that I would be interested to hear explanations for, if not too complex, but couldn't see anything specific in the posts. I'll put these together here since a separate topic for each will probably just clutter up messages. If anyone has answers I'd appreciate reading them. 1: Sometime in the past year spammers started using random sender names instead of dumb fake ones. I'm not sure why, since it identifies spam more easily to me, but I guessed that they might be individually coding each spam so they could trace reporting. But if they did bother to trace reporting, what is the point of never removing reporters from their lists? I would think they would be more effective if they purged the lists of serious spam reporters. 2: I sometimes get completely blank spam, and sometimes it is faked to come from spamcop. What's the point to the spammers? 3: China is spam heaven as we all know (along with their cousins) but why is SPRINT included with just about every spam report sent to China, and why does it have NO effect on Sprint? 4: In browsing the Spamcop statistics graphs, there appears to be a dramatic dropoff in volume from a year ago, and then a very dramatic spike in this month. My level, as an individual stays relatively constant from day to day (about a screen full per day, some 14000 in the past few years). How can one draw any kind of conclusion from the spamcop statistics? Is there an interpretation posted anywhere? Thanks in advance for any replies.
  8. elind

    Newbie spam tech questions

    I see. Not email, just data transfer....and an excuse to not look too hard. Thanks
  9. elind

    Newbie spam tech questions

    I am most grateful for these answers and the time it took to make them, although some are more technical than my current expertise allows me to fully appreciate. Perhaps this can be placed in a FAQ area for others to view? I would however like to ask one followup question, which is on the above point. Don't ALL emails have to get out via an ISP somewhere, even if they are hijacked PCs? Why would ISPs of hijacked PCs be less (or more) dishonest than any others? If so it still seems that a simple limit on volume implemented as a feature within the main server software packages would eliminate almost all of it. That assumes of course that they don't have so many hijacks that they can spread the volume dramatically so as not to trigger alarms, but somehow the premise that most spammers are stupid (one of the rules?) would seem to discount that kind of sophistication. Thanks again. PS. If anyone who works for Sprint reads this, please note that you have lost one customer for life in any of the services you offer; just on principle of course, but it is nevertheless something that you can take quite a few thousand dollars of your revenues for. Small pleasures.
  10. elind

    Newbie spam tech questions

    I have been a spamcop subscriber for several years now, and dutifully report every single spam received, and I read this and that article about spam, but I still don't understand the whole issue, or why we still have a problem. I don't understand why 99% of all reputable ISPs can't have verified accounts that are allowed to send to mail lists, and stop all others that send anything looking like a mass mailing before it gets out the door. I don't understand why the biggest offenders, Chinese, Korean, Brazilian etc., are not simply blocked by all the others who want to be civilized (anyone who says the Chinese can't stop it overnight are ....). I don't understand why spam reporting seems to have no effect. I do it because I "have faith", I suppose, but it has made no difference to my volume, unless constancy is considered a good thing. I don't understand why the spammers keep sending to addresses that end in "spamcop.net", or why they don't remove reporters from their lists. I don't understand why they suddenly started using random letter names on their forged emails instead of fake names. I don't understand why they don't totally make up the forged email address, instead of using what mostly seems like real domain names (except for the stupid sender name). I don't understand if there is any point in reporting anymore, since it's been a long time that I saw a reply saying that such and such account had been closed down. I don't understand how companies like Sprint can totally ignore the spam traffic that the Chinese pay them for, and still pretend to be be part of the civilized internet. Has anyone published a thorough, not excessively technical, document on these issues and the ones I haven't listed? Thanks
  11. elind

    MailWasher Pro

    I'm curious and trying to understand this. Why does it take two hours? Why can't you quickly scan the messages to see if there is a real one there? Since the spammers now just use, conveniently, quite specific spam subjects AND random letter sender names it takes me 10 or 15 seconds or less to scan a full screen and quick report them all. 99.99% of the time it's all spam and I think I have only been bleary eyed and missreported about twice in some 14000 submissions.
  12. Oh! I see. Perhaps posts that are considered to be in the wrong section should be moved after notifying the poster?
  13. Now I'm getting the notifications (I received yours). I presume only one is sent until one replies, and perhaps in the first case I mistook a notification for a common reporting notification and missed it. In any case it seems to work now. Regarding the virus spam... I obtained the source address by doing a spamcop trace, not by the forged one.
  14. I'm trying to educate myself a bit by browsing these posts, but I thought I'd mention that every 3 or 4 months for a year or more I would get a bunch of Netsky viruses sent from the same (after tracing) email at a consulting firm in Sweden (effekt.se). My ISP won't allow viruses through anyway (hasn't yet), but from my perspective it's still spam, so I sent a polite message to that email asking for it to stop on the assumption one of their PCs had been compromised. Then I got some more spam, and I found emails on their web site for all the executives in their company and sent the same polite request to all of them (the spam name was not on the list). Nobody bothered to reply to me, but I haven't seen any more messages for a few months. Next time I'm reporting however. Incidentally, I'm new on the forum, but I had another issue in another topic, and I have been selecting "enable email notification of replies", and I had replies on the other topic, but received no email notifications. Something I'm doing wrong?
  15. Yes thanks. I didn't think that the filtering was quite that sensitive. It seems it picked up the two words "bad credit" which were in the body of the message, but not the subject, discussing mortgages. X-MS-Has-Attach: X-MS-TNEF-Correlator: X-spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on blade4 X-spam-Level: X-spam-Status: hits=0.4 tests=BAD_CREDIT,HTML_90_100,HTML_MESSAGE version=3.0.0 I had not thought that alone would be enough, but if I ease the settings I'm afraid I'll get much more through. As it is very little gets through and this does not happen very often, so I'll leave it be. Thanks to all for the education.
  16. Because it was a real message from a known sender that had sent non held messages before. Sorry if I did not make that clear.