Wazoo Posted January 30, 2005

Outlook Express 6 - all current updates applied

Tools | Options | Security
  Checked box - Restricted Zone (see Note 1)
  Checked box - Warn me when other applications ....
  Checked box - Do not allow attachments to be saved .... (see Note 2)

Tools | Options | Receipts
  Checked box - Never send a read receipt

Tools | Options | Read
  Checked box - Read all messages in Plain Text
  (other boxes here at your option)

Tools | Options | Connection
  Checked box - Ask before switching dial-up connections

Note 1: You must set Restricted Zone settings under Internet Explorer (IE)
  IE | Internet Options | Security
  Select Restricted Zones
  Click on the Custom Level button
  If items are not "Disabled" then at least set them to "Prompt"

(you don't want anything to "run" here .. and setting to "Prompt" usually just means that you will see a pop-up warning like "an ActiveX script wants to access your system .. click yes or no" .... which as you see doesn't tell you anything about what the script is, what part of your system it "wants" ... never mind what it's going to do if you "allow" to access your system ... a whole lot easier to simply not allow access at all by going with "Disabled")

Note 2: Although great if setting up a "new" user, this is usually more than a bit frustrating to those that are accustomed to "click on the attachment to see what it is" ... which of course, is exactly why this option has been made available <g>

This setting can be changed on a case-by-case basis if one has to absolutely handle the attachment, but better would be to view the source of the message first, then handle it however necessary .. copying the 'important stuff' out to a 'new' file, changing this switch setting (and remembering to switch it back when done), or simply deleting the e-mail.

[Example, one of those infamous AOL Fwd: Fwd: Fwd: Fwd type e-mails that will show up as a blank screen in your Preview Panel (if it is turned on) ...
When looking at the source of the message, scrolling down 20 or 30 screens full of all those other people's addresses that you've never heard of, only to finally get down to the "real" message and find that it was nothing more than a "mail this to everybody on your Buddy List in the next 30 minutes and your life won't turn to crap!!!!" ... believe me, better to have deleted it at first sight <g>)]

OK, now have to ask you to play along with me a bit, as we don't "do graphics" here, so we have to pretend a bit ....

Here's a spam I received recently and all that showed in the Preview Panel is the following;

    New Page 2NBC CBS & 60 Minutes Put this on national TV

    THIS STUFF WORKS!

    . . </ht

As you can see, not a lot of stuff there ..

If I was to right-click on the Subject Line in the list (or hit the Forward icon in the Toolbar) .. this is what would show up in the e-mail to be Forwarded;

    From: "AMAZING NEW DIET PILL (seen on TV)" <xxxxxxx[at]idirect.ca>
    To: <xxxxxx[at]hotmail.com>
    Sent: Saturday, January 29, 2005 3:00 PM
    Subject: Miracle Pill?

    > New Page 2NBC CBS & 60 Minutes Put this on national TV
    >
    > THIS STUFF WORKS!
    >
    > . . </ht

Sending this to anyone else (especially the SpamCop parser) will end up with a question about just what you might be trying to accomplish, as there is no detail to show how you received the e-mail, much less identifying where it came from.

We need to include the "real" source data of the e-mail to show the actual and full headers .. and in doing that, you might be surprised at what else shows up <g>

Right-click on that Subject Title once again (in the list of e-mails) ...
Select "Properties" ....
Select "Details" ...
Select "Message Source" ...
Right-click in that pop-up box, select "Select All" ...
right-click again in that now highlighted text area and select "Copy" ....
go back to your "e-mail to be forwarded" and right-click in that text area at a good spot (above or below the stuff already in there) and select "Paste" ...

When looking at the sample spam I'm using, here's the surprise we were waiting for ... what was really in that e-mail that didn't make it to my screen;

    X-Message-Status: n
    X-SID-PRA: AMAZING NEW DIET PILL (seen on TV) <xxxxxxx[at]idirect.ca>
    X-SID-Result: TempError
    X-Message-Info: pC37NJ8+wY3fI16ovlxLdiTS2aoYxJNGJtIxyX4rRvQ=
    Received: from cable-68-119-70-205.abr.al.charter.com ([22.214.171.124]) by mc6-f10.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Sat, 29 Jan 2005 13:01:37 -0800
    From: "AMAZING NEW DIET PILL (seen on TV)" <xxxxxxx[at]idirect.ca>
    To: xxxxxx[at]hotmail.com
    Subject: Miracle Pill?
    Date: Sat, 29 Jan 2005 13:00:35 -0800
    MIME-Version: 1.0
    Content-Type: multipart/alternative; boundary="--screwystringofmadeupcrapchanged"
    Return-Path: somepoorinnocentperson[at]mail.rhein-ruhr.de
    Message-ID: <MC6-F10KABHsbNTu04V0000ac3e[at]mc6-f10.hotmail.com>
    X-OriginalArrivalTime: 29 Jan 2005 21:01:37.0789 (UTC) FILETIME=[B91972D0:01C50645]

    ----screwystringofmadeupcrapchanged
    Content-Type: text/html;
    uasribsfgstychinicasfgllxpdbhrntuxscypoteicrwmpxutrotitasgcasfglefasentkno
    wledpefectianmrhtyudlsenijexteeorphasneunrightly
    Content-Transfer-Encoding: base64

    PGh0bWw+DQoNCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1MYW5ndWFnZSIg
    Y29udGVudD0iZW4tdXMiPg0KPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250
    ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9d2luZG93cy0xMjUyIj4NCjxtZXRhIG5hbWU9IkdF
    TkVSQVRPUiIgY29udGVudD0iTWljcm9zb2Z0IEZyb250UGFnZSA0LjAiPg0KPG1ldGEgbmFt
    ZT0iUHJvZ0lkIiBjb250ZW50PSJGcm9udFBhZ2UuRWRpdG9yLkRvY3VtZW50Ij4NCjx0aXRs
    ZT5OZXcgUGFnZSAyPC90aXRsZT4NCjwvaGVhZD4NCg0KPGJvZHk+DQoNCjxwIGFsaWduPSJj
    <dozens of screens of this stuff snipped>
    Z2d1ZWxmc2ZnbmRjZnNmZ3NoYm9va1M7IGcgZkRESVRJT05mTCBnIExJZkJJTElUWSBnIG5v
    bnN1cHBrZXNzaW9ubWlja29raG9waWZzZmdzNjENCg0KLS0+DQouDQo8L2h0bWw+
    ----screwystringofmadeupcrapchanged--

As you can see, the "real" e-mail was very much different than what was displayed (again noting that I saved you from having to wade through screen after screen of
gobbledygook with that big snip in the middle of the Base64 encoded crap) ...

Now we could talk about why and how all that gobbledygook gets translated into "plain text" .. but that's for another time. We could also talk about how badly this e-mail was "composed" (actually, more like manufactured) looking at details not found (like what e-mail application was in use when this idiot "wrote" the e-mail) ... details missing (like the lack of a second and an ending Boundary line) ... details totally bogus (like the alleged HTML section that is actually nothing more than gibberish [or a bit of tracking data for the paranoid out there]) ... but we won't <g>

Some of the items I'm trying to show here;

1. What you 'see' isn't necessarily what that e-mail contains.
2. Securely handled, it's not likely that you will get bitten by an e-mail.
3. With this data now captured, you can send your complaint .. in the case provided, I sent my complaint (entire spam content, no editing) to webcomplaints[at]ora.fda.gov , spam[at]uce.gov , and abuse[at]charter.net .... (again, decoding of the Base-64 crap to pull out referenced web-sites is for another story <g>)
4. Why simply "Forwarding" your OE e-mail to the SpamCop parser doesn't work.
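
Added example, not part of the original post: a short Python sketch of what the full message source gives a complaint handler that the preview pane does not, namely the Received lines, a From/Return-Path mismatch, and the hosts referenced inside a base64-encoded HTML part. The sample message, its addresses and the function names are constructed for illustration.

```python
import base64
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not the message from the post): same layout, with a
# base64-encoded text/html part and a Return-Path that differs from From.
_HTML = '<html><body><a href="http://pills.example/buy?id=42">THIS STUFF WORKS!</a></body></html>'
RAW = "\n".join([
    "Received: from cable-host.example ([192.0.2.10]) by mx.example.net; Sat, 29 Jan 2005 13:01:37 -0800",
    'From: "AMAZING NEW DIET PILL" <sender@isp.example>',
    "To: recipient@example.net",
    "Subject: Miracle Pill?",
    "MIME-Version: 1.0",
    'Content-Type: multipart/alternative; boundary="BOUND"',
    "Return-Path: someone.else@other.example",
    "",
    "--BOUND",
    "Content-Type: text/html",
    "Content-Transfer-Encoding: base64",
    "",
    base64.b64encode(_HTML.encode()).decode(),
    "--BOUND--",
    "",
])

def domain(header_value):
    """Lower-cased domain of the address in a From/Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def inspect_source(raw):
    """Summarise what the full message source shows that a preview pane hides."""
    msg = message_from_string(raw)
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""   # undoes base64 / quoted-printable
        text = payload.decode(part.get_content_charset() or "latin-1", "replace")
        hosts.update(h.lower() for h in re.findall(r"https?://([^/\s\"'<>]+)", text))
    return {
        "received": msg.get_all("Received", []),
        "from_domain": domain(msg["From"]),
        "return_path_domain": domain(msg["Return-Path"]),
        "sender_mismatch": domain(msg["From"]) != domain(msg["Return-Path"]),
        "link_hosts": sorted(hosts),
    }

if __name__ == "__main__":
    for key, value in inspect_source(RAW).items():
        print(f"{key}: {value}")
```

A plain "Forward" of the displayed text carries none of these fields, which is why the pasted Message Source is what a report needs.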
This topic is now archived and is closed to further replies.