In email headers, are there any fields which are not spoof-able? Or is
email simply a morass that is totally unsolvable and broken? Simply
impossible to filter spam? Now I am getting spam that is passing all the
dmarc, spf, and dkim checks. Volume is relatively low at the moment, 6
in 12 hours, but I am sure the bad guys are working on increasing the
volume.
In particular, is
X-Origin-Country reliable? Or is this data field unsuitable for
filtering as well?
Are there any mail client pre-filtering packages that can be added? Or
is this a game best left to?
On 3/9/23 2:44 PM, Bruce Labitt wrote:
Spoke too soon. I am far from understanding this all, but why would
my ISP send me mail that failed the following tests?
dmarc, spf or dkim? The latest spam I received failed _all_ three tests.
It appears not everyone is consistent with using this stuff, I found
an email from South West Airlines that apparently doesn't use dmarc,
but at least it passed spf and dkim. What a mess.
I tried to send this email and it was blocked when I included the
dmarc text.
On 3/9/23 11:49 AM, Bruce Labitt wrote:
Crossing fingers, my spam storm has paused. No spam since 3:27 EST
yesterday.
Cleaned out tons of old spam off my phone, which was tedious. Found
some miss-classified spam that were legitimate emails, like from
attorneys and banks, that I never received. Loads of stock tips, scams,
assorted pharmaceuticals, and of course, invitations to honeypots of the
female persuasion. Some were quite amusing.
Need to get back to the email spam storm on my wife's account now.
Not sure if one her groups she belongs to was compromised and her email
account sold to spammers or not. Seems like it.
My kids, both on different ISP's had no increase in spam in the past
week. I asked them last night, trying to figure out if this was a local
thing, or more wide spread. Guess it was local, or their ISP's were
more on the ball.
On 3/8/23 5:59 PM, Bruce Labitt wrote:
I think that something has been going on for a bit now.
However, I did go through some ancient spam emails (don't ask me why
they were still around, I plumb forgot they were accumulating) and found
quite a few of them posing as family members and people I knew, but were
not legitimate. Examining the headers showed they were trying to fool
me. All of them wanted me to click on some link - hoping to do some
nefarious thing or another to me. Many were from RU.
Oh, I have been using the filters! I have filtered every domain ending
in xyz, .store and a few others. It's not as easy to filter against
yourself...
Is it better to have these messages go to junk, or direct to trash?
Using Thunderbird if that matters.
On 3/8/23 5:22 PM, Ronald Smith wrote:
Hi all,
There is a coordinated attack happening right now on many forms of
communication; email, social media, everything -- someone doesn't want people
communicating right now. The increase in spam is just part of it.
Emails that I've sent to gmail have been bounced, maybe because gmail has
tightened their filters, maybe it's a false flag. I'm not sure and I'm not
going waste my time tracking it down right now. If someone wants to reach me,
they can just call me on the phone.
To the guy who said you should block all the IP's in the header -- that's
ABSOLUTELY WRONG! Whoever has launched this attack wants folks to do that --
they want folks to block stuff to further limit communication. Don't do that!
You can only trust the top "Received" notice in your email header. SMTP servers are
supposed to tack on their info to the top of the message and send it along to the next server, but
spammers or provocateurs will often falsify the tracking info below the most recent
"Received" line, so you should just ignore that.
Just put up with the spam for now; don't over-react. Your email providers will
know how to handle this if they have enough experience. Use the filters in your
client if you need to.
Have fun...
Ronald Smith
r...@mrt4.com
603-360-1000
- - - -
On Wed, 8 Mar 2023 13:31:56 -0500
Bruce Labitt<bruce.lab...@myfairpoint.net> wrote:
Seems to be an uptick in spam received lately. Doesn't seem that my ISP
is on top of it. In the past 48 hours have received at least three
dozen spams from similar parties. Many seem to be coming from *.store
domains. I haven't knowingly ever visited one of these domains.
I don't think I want to run my own email server - mostly because 1) I
really don't know how to set one up, and 2) it sounds like a bit of work
to maintain. Of course, I could be wrong, which is why I am asking.
I did a whois, and due to privacy cr*p, there's no longer a way to get
to the registrants. I can see why this might be, but it does make it
harder to report people. I did report a couple of domains as spammers
to godaddy, since I *think* they were the registrar. This really
doesn't seem kosher to me, since godaddy gets revenue from the
spammers. I also reported a domain or two to my ISP. Things have
slightly slowed down, but I am not holding my breath.
In my wife's case, one or more of her acquaintances (with Windows
computers?) have had their accounts compromised or information stolen,
and she has been super subscribed to what seems like dozens and dozens
of spamming lists. Her spam folder on her phone receives may hundreds
of emails a day - it's really out of control. How can we get out of
this mess?
Anyways, are there any practical ways to get a better handle on this?
Looking for some ideas. Thanks for any and all suggestions. I hope
this would be a topic of interest to others on this list. If for no
other reason to share what worked and what didn't.
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
