All, Let's refrain from includeing list member names in the subject field. Thank you, Richard Justice list-mmoderator www.jaws-users.com www.blind-computing.com ----- Original Message ----- From: "Terrill Reynolds" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Friday, July 06, 2007 12:33 PM Subject: [JAWS-Users] anti spam tips to david ingrram
Hi David: I keep getting my E-mail returned to your address so I'm just sending it to the list. I think it is because of your subject line including the exes and your filter is blocking it. <smile> I hope the below helps somewhat. <smile> . Use Disposable Email Addresses (DEA's) While disposable email addresses don't block spam from being sent to you, they do provide a "shell" that protects your real email address and allows you to remain fairly anonymous online. DEAs simply redirect email to whatever address you tell them to. If you use a unique disposable address for each newsletter, discussion list or online form that you fill out, not only will you be able to pinpoint who compromised your address if you start to receive spam, but you'll also be able to kill that address instantly and stop the spam without having to change your permanent email address. Spamex offers a 30-day fully functional free trial (no credit card required), and for just $9.95 per year you can get a block of 500 disposable email addresses to use. Spamex Disposable Email Address Service http://www.spamex.com/ . Pay attention to privacy statements when filling out forms With so much information online, the last thing we want to do is be forced to read through six pages of a privacy statement. But that's exactly what you should be doing if you want to know how the site you are providing data to will be using it. Be careful of pre-checked boxes that say that it is okay for the company to share your information with third parties, as you're indicating that it's okay for them to sell your personal information. Many companies bundle that statement with things like "Agree to receive future useful notices about your software". Be wary. When in doubt, use a disposable email addr ess (see above) for each place you register online. If you're going to complain, complain to the right person and know what to say 98% of spam sent has forged headers or uses the open relay on an email server of an innocent party. Never automatically assume that the person or company listed in the From: or Reply-To: area was the originator of the spam you received. There is only ONE WAY to accurately determine who sent the message you received. Here it is: Open your email message up in an email program like Eudora or Outlook and from the toolbar menu choose View Source or View Headers to get a look at the full message with all headers (the information at the top of the message. Ignore everything in the header, except the following lines: Return-Path: < [EMAIL PROTECTED]> Received: from mail.somedomain.com (mail.somedomain.com [123.123.123.123]) The only line that cannot be forged (faked) by a spammer is the Received: IP address, in the example above indicated by [brackets]. Ignore everything else in the message and focus on the IP address in brackets in the topmost Received: header. Now go to SamSpade http://www.samspade.org/ Copy and paste that IP address (without the brackets) into the "Do stuff" form and click to find out whom that IP address belongs to. This is the true originator of the message that you received. Ignore the From: and Reply-To: headers as they are most likely bogus. Once you know the domain of the company associated with the IP address that sent you spam, visit http://www.abuse.net/ to find out the email addresses of the abuse department at that ISP. Just drop in the domain and it will provide you with the correct addresses to send your complaint to. Be warned! Not all ISP's are against spam. Some spammers use "spam- friendly" ISPs who don't listen to complaints and don't act on complaints. Other ISPs will drop a company's hosting account on the first properly documented complaint. If you don't get a satisfactory response to your complaint, it most likely fell upon deaf ears. Don't let it discourage you from complaining. If you want to check to see if the upstream is a spam-friendly ISP before you take the time to send your complaint, check out SpamHaus http://www.spamhaus.org/ Here is an example of a possible response that you might use to send to the upstream provider of the person or company that sent you spam: ------ Forwarded Message To: <upstream provider abuse address Subject: SPAM COMPLAINT> [Subject: subject of spam message] Sir or Madam: You provide connectivity to the originator of the spam message appended below. Please refer to traceroute following the message to understand how your company provides connectivity to the perpetrator. I have never had any business with the sender nor do I desire to do so. Incoming UCE is a burden on my firm and its employees, in terms of staff time wasted and the cost of bandwidth we pay for downloading mail we have no desire to receive. Please act promptly to block or terminate connectivity to the perpetrator and notify me that action is being taken to prevent future such mailings. PLEASE NOTE: My firm's SOP requires submission of your IP address for Realtime Blackhole Directory listing unless you shut down the offender. Kind regards, Your name 5 -----------begin forwarded spam-------- Include spam message with full headers here -----------end forwarded spam---------- TRACKING INFO ON SPAMMER: IP: WHOIS LISTING: ------------------------------------ HOSTING TRACEROUTE: IP INSERT TRACEROUTE HERE ------ End of Forwarded Message . NEVER reply to spam This may seem like a no-brainer, but people do it all the time. What happens when you reply to spam is one of two things, neither of which gets you off of the spammer's mailing list: 1. You reply to a faked/spoofed/forged Reply-To or From address that belongs to an innocent third party who had their domain hijacked and they have no idea what you are talking about. No self-respecting spammer uses their own email address. They hijack other peoples' or most of the time they just make one up. 2. The second thing that can happen if you reply to spam is that you tell the spammer that your email address is functional and "live". A live email address brings good money to spammers. It can then be added to a CD that they sell for profit to tens of hundreds of other spammers, and before you know it you're seeing a ten-fold increase in spam just because you followed the spammer's instructions and wrote to their Remove address or filled out the form they asked you to fill out for removal. Don't do it! Just delete it! . Never buy anything from a company that spams Do not, under any circumstances, buy any item or service that is promoted via a bulk, unsolicited emailing. If you do, you're only putting gas on the fire. Most businesses that use spam as a marketing method are getting ripped off by the companies that conduct these bulk, unsolicited emailings. However if even a few orders come in, they may see that as justification to continue using these tactics. . Protect your Web site from spam-bots One of the ways that spammers obtain your address is through the use of "bots" or spiders that go out to Web sites like yours and look for "mailto:"; links with email addresses. There is a plethora of bulk email software available out there that allows spammers to enter a keyword like "accountants". The program then accesses the Internet and does searches on multiple search engines under that keyword, visits the top ten listings or so under that keyword and then jumps from page to page on those sites, sucking up email addresses and creating a mailing list for the spammer. You can protect yourself and your company by simply not including mailto: email address links on your site. Take an image-editing program like Photoshop or Macromedia Fireworks and create an image of your email address on a white background (or the same color as your site). Make it in the same font that you've used for your site. Then take the image and link that image to a contact form on your site. This way visitors to your site can see your company or individual email address and use it if they want to, either by clicking on it to a contact form or by typing it into a message, but spambots can't. . Learn how to use an email program with filters If you use Web-based email such as WebTV, Hotmail or Yahoomail for convenience and anonymity, that's great. At some point, however, you're going to want to take advantage of more powerful software programs like Outlook 2002, Eudora or Entourage X (for Mac users). These programs offer powerful filtering tools on the client-side that can help filter potential spam out of your Inbox. Armed with a handful of simple rules that are checked on each piece of incoming email and a good email program, you can considerably reduce the amount of spam you receive. If you're like most of us, you probably have never read the instructions that came with your email program or explored the many features it offers. I'm guilty of this myself, so don't feel bad. There's just too much information for me to be bothered with reading manuals! I want an instant solution! Well, in this case, I can tell you from experience that not only is it worthwhile to buy a commercial email program, but it is also worthwhile to invest in the manual . Find a list of email software books. books are just like projects. You can get through them faster if you break them up into chunks. In this case, go through the table of contents and Put A's next to all the chapters that are most important for you. Put B's next to the ones that are not as important. Number the order and start reading the book 10 pages a day. Put a paperclip at the beginning of where you are reading and another one ten pages ahead so you know when you've reached your goal for the day. Take your time. The more you know about the tools and filters that these programs offer, the better off you will be. . Filter spam at the server level Brightmail http://www.brightmail.com/ private labels its spam-blocking service to a variety of ISPs like Earthlink, AT&T Worldnet and others. This technology takes email as it comes in and compares it with an updated list of IP addresses, blocks and keywords that it scans in your email and if spam is suspected, then the message is not downloaded to your desktop but rather moved to a spam folder and purged every three weeks automatically. If you own your own domain, you can take advantage of this service by simply mapping your own email address to an Earthlink pop account. These services do not block 100% of spam, but they can be effective at reducing the number of messages that you receive. Most times these services are included with the cost of your account, but are not turned on unless you request it or initiate it. .Buy your own domain and set up a virgin email address. I hear people complaining all the time about spam, but when it comes time to pay money for a solution that works, everyone suddenly gets really quiet. Why should you have to pay for a solution to stop something that you never asked for in the first place? I agree completely. You shouldn't have to pay to solve these problems. You shouldn't even have these problems in the first place, but you do. That's reality. Many solutions to reducing spam are free and require only your time in learning techniques. Others are going to cost you money. If you're willing to pay a small fee for a solution, here's an effective one: Go to http://www.speedhost.com/ and buy a $5 per month mini-Web account. That's $60 per year. Go to http://www.enom.com/ and search for and buy your own domain name for $29/year. Set up your domain so that it points to your hosting account and set up a virgin email account that has never been used. 1: Set up a public and private email account Set up two POP accounts for yourself - a private one and a public one: [EMAIL PROTECTED] - Is a public address / account that you'll use for public communication. This may be the address that you decide to send DEA (disposable email address) mail to (see earlier tip). [EMAIL PROTECTED] - Is your new virgin email address that is private. Treat it as you would an unlisted phone number and only give it out to those who have a need to cut through the clutter to reach you. NEVER use it to register anything. NEVER use it to post to a public forum or discussion list and instruct others you give it to not to give it out. NEVER list it in any directory. Having a private email account that is separate from your public one will allow you to check only that account when traveling. You'll be pleasantly surprised to see "real" email and only real email when you check that account. . How to filter pornographic spam out of your Inbox It seems every week I get a handful of folks asking me how to keep pornographic spam out of their Inboxes. It can be embarrassing, especially in a work environment, when your boss looks over your shoulder and sees subject lines in your Inbox about adult Web sites. It can be devastating when a child is using your computer and they get an HTML-enabled email with explicit photos. The majority of pornographic spam is sent with HTML-enabled email, for two reasons: 1. It allows spammers to display explicit images to you in hopes that you will be enticed to visit their adult Web site 2. Because those images are remotely served, spammers are able to determine an "open rate", which tells them of X thousand or million mailed to, how many actually opened the message and had the images load on their computer and how many clicked through to the porn site. This information is critical to them in deciding how responsive a list is, which will determine whether they mail to it multiple times or not. Because images are used in most porn spam, one way of blocking these types of messages is to use your email client to set a filter to check the body of incoming email messages for the following string of text: <img src This is the first portion of HTML code used to serve an image on Web pages and in HTML-formatted email. If your email program finds this text string present in a message, you may want to create a folder or mailbox called "Possible Spam" and have messages that meet this criterion filtered to that folder to keep them out of your Inbox. Do not filter email directly to the trashcan or deleted items folder, as no filters are 100% foolproof. Some real email always gets filtered, so you'll want to just create a spam trap. Now, this brings up an interesting question: What about corporate users that send email using rich text? What about HTML email newsletters that you subscribe to? . Business email or corporate email sent in HTML format or rich text format should have no problem getting through to you, provided no images are included in it. 95% of business email that I receive is ASCII text. The other 5% is rich formatted text, but I can't ever remember a time when a legitimate business communication contained an image in the body of the message. As far as HTML newsletters go, you can easily set a filter to look for a subject line string or From: address specific to that newsletter and have it filtered to your Inbox as real email. Most email filter systems read and process a filter list from top to bottom, so if you put your newsletter filters above your spam trap filters, the newsletters should arrive in your Inbox just fine. As with anything related to email and technology, YMMV (Your Mileage May Vary) and this will take some experimentation on your part to find out what works best for you. This method won't stop text-based porn spam - that can be blocked using common-word filtering - but it will keep explicit HTML email porn out of your Inbox quite effectively. . Most ISP's have spam filtering which you may not know about that must be turned on. Go to your ISP's website and see if they offer this. Many are using the Gray Scale methed as well as free virus E-mail scanning. Best wishes, Terrill Reynolds ---------- Email: [EMAIL PROTECTED] Windows Messenger:[EMAIL PROTECTED] Yahoo:terrillreynolds AIM:terrill36 PH:(910)842-7701----- Original Message ----- From: David ingram To: Terrill Reynolds Sent: Friday, July 06, 2007 6:58 AM Subject: what about 'xxx'? Hi how are you? Thank you for this information but what about 'xxx'? I've noticed that when i block senders list i have a lot of mail with 'xxx'. How can i find out where that mail is coming from and how if possible can i stop this mail? I have a lot of mail like this or i receive mail where the subject line isn't clear. Could that be another way for spamers to get you address? Thank you for any information that you may have. I'd like to also be able to use this information in an anti spam program! Determining the Source of Spam How to find the right ISP to complain to? It takes a close look at the spam message's header lines. These headers contain information about the path an email took. follow the path until the point where the email was sent from. From this point, also know as an IP address, it can derive the spammer's ISP and send the report to this ISP's abuse department. Let's take a closer look at how this works. Email: Header and Body Every email message consists of two parts, the body and the header. The header can be thought of as the envelope of the message, containing the address of the sender, the recipient, the subject and other information. The body contains the actual text and the attachments. Some header information usually displayed by your email program includes: List of 4 items . From: - The sender's name and email address. . To: - The recipient's name and email address. . Date: - The date when the message was sent. . Subject: - The subject line. list end Header Forging The actual delivery of emails does not depend on any of these headers, they are just convenience. Usually, the From: line, for example, will be set to the sender's address. This makes sure you know who the message is from and can reply easily. Spammers want to make sure you cannot reply easily, and certainly don't want you to know who they are. That's why they insert fictitious email addresses in the From: lines of their junk messages. Received: Lines So the From: line is useless if we want to determine the real source of an email. Fortunately, we need not rely on it. The headers of every email message also contains Received: lines. These are not usually displayed by email programs, but they can be very helpful in tracing spam. Find out how helpful they are, and how the analysis works What Email Headers can Tell You About the Origin of Spam Parsing Received: Header Lines Just like a postal letter will go through a number of post offices on its way from sender to recipient, an email message is processed and forwarded by several mail servers. Imagine every post office putting a special stamp on each letter. The stamp would say exactly when the letter was received, where it came from and where it was forwarded to by the post office. If you got the letter, you could determine the exact path taken by the letter. This is exactly what happens with email. Received: Lines for Tracing As a mail server processes a message, it adds a special line, the Received: line to the message's header. The Received: line contains, most interestingly, List of 2 items . the server name and IP address of the machine the server received the message from and . the name of the mail server itself. list end The Received: line is always inserted at the top of the message headers. If we want to reconstruct an email's journey from sender to recipient we also start at the topmost Received: line (why we do this will become apparent in a moment) and walk our way down until we have arrived at the last one, which is where the email originated. Received: Line Forging Spammers know that we will apply exactly this procedure to uncover their whereabouts. To fool us, they may insert forged Received: lines that point to somebody else sending the message. Since every mail server will always put its Received: line at the top, the spammers' forged headers can only be at the bottom of the Received: line chain. This is why we start our analysis at the top and don't just derive the point where an email originated from the first Received: line (at the bottom). How to Tell a Forged Received: Header Line The forged Received: lines inserted by spammers to fool us will look like all the other Received: lines (unless they make an obvious mistake, of course). By itself, you can't tell a forged Received: line from a genuine one. This is where one distinct feature of Received: lines comes into play. As we've noted above, every server will not only note who it is but also where it got the message from (in IP address form). We simply compare who a server claims to be with what the server one notch up in the chain says it really is. If the two don't match, the earlier Received: line has been forged. In this case, the origin of the email is what the server immediately after the forged Received: line has to say about who it got the message from. Are you ready for an example? List of 5 items Example Spam Analyzed and Traced Now that we know the theoretical underpinning, let's see how analyzing an junk email to identify its origin works in real life. I've just received an exemplary piece of spam that we can use for exercise. Here are the header lines: Received: from unknown (HELO 38.118.132.100) (62.105.106.207) by mail1.infinology.com with SMTP; 16 Nov 2003 19:50:37 -0000 Received: from [235.16.47.37] by 38.118.132.100 id <5416176-86323>; Sun, 16 Nov 2003 13:38:22 -0600 Message-ID: <[EMAIL PROTECTED]> From: "Reinaldo Gilliam" <[EMAIL PROTECTED]> Reply-To: "Reinaldo Gilliam" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Category A Get the meds u need lgvkalfnqnh bbk Date: Sun, 16 Nov 2003 13:38:22 GMT X-Mailer: Internet Mail Service (5.5.2650.21) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="9B_9.._C_2EA.0DD_23" X-Priority: 3 X-MSMail-Priority: Normal Can you tell the IP address where the email originated? Sender and Subject First, take a look at the - forged - From: line. The spammer wants to make it look as if the message was sent from a Yahoo! Mail account. Together with the Reply-To: line, this From: address is aimed at directing all bouncing messages and angry replies to a non-existing Yahoo! Mail account. Next, the Subject: is a curious agglomeration of random characters. It is barely legible and obviously designed to fool spam filters (every message gets a slightly different set of random characters), but it is also quite skillfully crafted to get the message across in spite of this. The Received: Lines Finally, the Received: lines. Let's begin with the oldest, Received: from [235.16.47.37] by 38.118.132.100 id <5416176-86323>; Sun, 16 Nov 2003 13:38:22 -0600. There are no host names in it, but two IP addresses: 38.118.132.100 claims to have received the message from 235.16.47.37. If this is correct, 235.16.47.37 is where the email originated, and we'd find out which ISP this IP address belongs to, then send an abuse report to them. Let's see if the next (and in this case last) server in the chain confirms the first Received: line's claims: Received: from unknown (HELO 38.118.142.100) (62.105.106.207) by mail1.infinology.com with SMTP; 16 Nov 2003 19:50:37 -0000. Since mail1.infinology.com is the last server in the chain and indeed "my" server I know that I can trust it. It has received the message from an "unknown" host that claimed to have the IP address 38.118.132.100 (using the SMTP HELO command). So far, this is in line with what the previous Received: line said. Now let's see where my mail server did get the message from. To find out, we take a look at the IP address in brackets immediately before by mail1.infinology.com. This is the IP address the connection was established from, and it is not 38.118.132.100. No, 62.105.106.207 is where this piece of junk mail was sent from. Best wishes, Terrill Reynolds ---------- Email: [EMAIL PROTECTED] Windows Messenger:[EMAIL PROTECTED] Yahoo:terrillreynolds AIM:terrill36 PH:(910)842-7701 Visit the JAWS Users List home page at: http://www.jaws-users.com Address for the list archives: http://www.mail-archive.com/[email protected] To post to this group, send email to [email protected] To unsubscribe from this group, send an email to [EMAIL PROTECTED] For help from Mailman with your account Put the word help in the subject or body of a blank message to: [EMAIL PROTECTED] Use the following form in order to contact the management team http://www.jaws-users.com/managers.php If you wish to join the Blind Computing list send a blank email to the following address: [EMAIL PROTECTED] Visit the JAWS Users List home page at: http://www.jaws-users.com Address for the list archives: http://www.mail-archive.com/[email protected] To post to this group, send email to [email protected] To unsubscribe from this group, send an email to [EMAIL PROTECTED] For help from Mailman with your account Put the word help in the subject or body of a blank message to: [EMAIL PROTECTED] Use the following form in order to contact the management team http://www.jaws-users.com/managers.php If you wish to join the Blind Computing list send a blank email to the following address: [EMAIL PROTECTED]
