Re: Email & Spam

2023-03-12 Thread Bruce Dawson
See injection below.

--Bruce

On 3/12/23 13:39, Joshua Judson Rosen wrote:
> > On 3/10/23 12:43, Bruce Labitt wrote:
> >> In email headers, are there any fields which are not spoof-able?  Or is
> >> email simply a morass that is totally unsolvable and broken?  Simply
> >> impossible to filter spam?  Now I am getting spam that is passing all the
> >> dmarc, spf, and dkim checks.  Volume is relatively low at the
> >> moment, 6 in 12 hours, but I am sure the bad guys are working on
> >> increasing the volume.
> >>
> >> In particular, is
> >>
> >> X-Origin-Country reliable?  Or is this data field unsuitable for
> >> filtering as well?
> >>
> >> Are there any mail client pre-filtering packages that can be added?  Or
> >> is this a game best left to?
>
> On 3/10/23 17:02, Bruce Dawson wrote:
>> Essentially, no - all email headers are spoofable except the ones put on by
>> your server. Your server should insert a Received-by header that indicates
>> who sent that message to you.
> Though in the case of the headers providing DKIM signatures, those are 
> "unspoofable" to the extent that they're used,
> since that's a cryptographic signature that you can verify.
>
> There are caveats there, basically that the DKIM signatures are only for 
> select _parts_ of the message...,
> but _generally_ if you have a valid DKIM signature then you at least know 
> where the message
> actually came from.
>
> And if you've got "spam that is passing all the dmarc, spf, and dkim checks", 
> then
> you know even more assuredly who's sending you spam.
>
> So, at least in theory, that gets you past the `detecting spoofs' point,
> so now you just have to worry about the spam coming in from new
> domains that you haven't blocked yet

Except when an intervening server deletes all the DKIM (and other) 
envelope information. Of course, that's a bad actor/server, but isn't 
that what most SPAM servers are?

___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
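
Added example (not part of any list member's message): a Python sketch of the two checks discussed above, walking the Received chain down from your own server to find the last hop it actually recorded, and reading the DKIM-Signature h= tag to see which headers the signature covers. The hostname mx.example.net, the sample message and all function names are constructed for illustration; the DKIM signature is only parsed here, not cryptographically verified.

```python
import re
from email import message_from_string

# Assumption: mx.example.net stands in for "your server". All hosts and IPs
# below are documentation-range placeholders in a constructed sample message.
MY_MX = {"mx.example.net"}

SAMPLE = """\
Received: from relay.sender.example ([203.0.113.7])
\tby mx.example.net with ESMTP id abc123; Fri, 10 Mar 2023 12:00:02 -0500
Received: from mail.bank.example ([198.51.100.20])
\tby relay.sender.example with ESMTP; Fri, 10 Mar 2023 12:00:01 -0500
Received: from trusted.example ([192.0.2.1])
\tby mx.example.net with ESMTP; Fri, 10 Mar 2023 11:59:59 -0500
DKIM-Signature: v=1; a=rsa-sha256; d=sender.example; s=sel1;
\th=from:to:subject:date; bh=AAAA; b=BBBB
X-Origin-Country: US
From: "Your Bank" <alerts@sender.example>
To: user@example.net
Subject: Constructed example
Date: Fri, 10 Mar 2023 12:00:00 -0500

body
"""

# "from <helo> (<optional rdns> [<ip>]) ... by <host>"; folded lines allowed.
RECEIVED_RE = re.compile(
    r"from\s+(\S+)\s+\(.*?\[([0-9a-fA-F.:]+)\]\).*?\bby\s+(\S+)", re.S)


def received_chain(msg):
    """Return the Received hops top-down (newest first) as dicts."""
    hops = []
    for raw in msg.get_all("Received", []):
        m = RECEIVED_RE.search(raw)
        if m:
            hops.append({"helo": m.group(1), "ip": m.group(2),
                         "by": m.group(3).rstrip(";")})
        else:
            hops.append({"helo": None, "ip": None, "by": None})
    return hops


def trust_boundary(hops, my_hosts):
    """Count the leading hops stamped by our own servers.

    The walk stops at the first hop written by anyone else: every Received
    line from there down arrived as message content and may be forged, even
    one that claims "by" our own hostname.
    """
    n = 0
    for hop in hops:
        if hop["by"] not in my_hosts:
            break
        n += 1
    return n


def dkim_tags(msg):
    """Parse the first DKIM-Signature header into a tag -> value dict."""
    raw = msg.get("DKIM-Signature")
    tags = {}
    for part in (raw or "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags


def classify(raw_message, my_hosts,
             interesting=("From", "Subject", "X-Origin-Country")):
    """Summarise what a receiver can rely on in one message."""
    msg = message_from_string(raw_message)
    hops = received_chain(msg)
    n = trust_boundary(hops, my_hosts)
    tags = dkim_tags(msg)
    covered = {h.lower() for h in tags.get("h", "").split(":") if h}
    return {
        # IP our own server saw on the TCP connection (last trusted hop).
        "connecting_ip": hops[n - 1]["ip"] if n else None,
        # Hops below the boundary: claims made by the sending side.
        "untrusted_hops": [h["by"] for h in hops[n:]],
        # Domain taking responsibility, meaningful only if the signature
        # verifies (verification is out of scope for this sketch).
        "dkim_domain": tags.get("d"),
        # Headers outside h= are not protected by the signature at all.
        "dkim_covers": {h: h.lower() in covered for h in interesting},
    }


if __name__ == "__main__":
    for key, value in classify(SAMPLE, MY_MX).items():
        print(f"{key}: {value}")
```

In the sample, the third Received line claims to have been written by mx.example.net but sits below a hop written by another host, so it is reported as untrusted.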


Re: Email & Spam

2023-03-12 Thread Joshua Judson Rosen
 > On 3/10/23 12:43, Bruce Labitt wrote:
 >> In email headers, are there any fields which are not spoof-able?  Or is 
 >> email simply a morass that is totally unsolvable and broken?  Simply 
 >> impossible to filter spam?  Now I am getting spam that is passing all the 
 >> dmarc, spf, and dkim checks.  Volume is relatively low at the
 >> moment, 6 in 12 hours, but I am sure the bad guys are working on increasing 
 >> the volume.
 >>
 >> In particular, is
 >>
 >> X-Origin-Country reliable?  Or is this data field unsuitable for filtering 
 >> as well?
 >>
 >> Are there any mail client pre-filtering packages that can be added?  Or is 
 >> this a game best left to?

On 3/10/23 17:02, Bruce Dawson wrote:
> Essentially, no - all email headers are spoofable except the ones put on by 
> your server. Your server should insert a Received-by header that indicates 
> who sent that message to you.
Though in the case of the headers providing DKIM signatures, those are 
"unspoofable" to the extent that they're used,
since that's a cryptographic signature that you can verify.

There are caveats there, basically that the DKIM signatures are only for select 
_parts_ of the message...,
but _generally_ if you have a valid DKIM signature then you at least know where 
the message
actually came from.

And if you've got "spam that is passing all the dmarc, spf, and dkim checks", 
then
you know even more assuredly who's sending you spam.

So, at least in theory, that gets you past the `detecting spoofs' point,
so now you just have to worry about the spam coming in from new
domains that you haven't blocked yet

-- 
Connect with me on the GNU social network: 

Not on the network? Ask me for an invitation to a social hub!


Re: Email & Spam

2023-03-10 Thread Bruce Labitt

Thought that might be the case.

Is dnschecker.org at least slightly accurate?  My last spam sender 
address seemed to originate from or around the Kremlin Palace Complex.


Output is in my email of 4:34pm.

Honestly thinking about at least asking one of our Senators if this is 
something I should be concerned about.  I had a high level clearance, at 
one time.


Or maybe it's ordinary spam, that just so happens to be spewing from 
55.7522,37.6155 from IP address 194.87.244.234, from JSC MediaSoft 
Ekspert. https://dnschecker.org/ip-location.php?ip=194.87.244.234  Does 
spook me a bit, to be honest.




On 3/10/23 5:02 PM, Bruce Dawson wrote:


Essentially, no - all email headers are spoofable except the ones put 
on by your server. Your server should insert a Received-by header that 
indicates who sent that message to you.


You can "generally" trust headers put on by the likes of Google 
(because your server can get the IP address of the server that 
connected to you) and Google IP addresses are moderately static.  
However, this is not always the case.


--Bruce

On 3/10/23 12:43, Bruce Labitt wrote:
In email headers, are there any fields which are not spoof-able?  Or 
is email simply a morass that is totally unsolvable and broken?  
Simply impossible to filter spam?  Now I am getting spam that is 
passing all the dmarc, spf, and dkim checks.  Volume is relatively 
low at the moment, 6 in 12 hours, but I am sure the bad guys are 
working on increasing the volume.


In particular, is

X-Origin-Country reliable?  Or is this data field unsuitable for 
filtering as well?


Are there any mail client pre-filtering packages that can be added?  
Or is this a game best left to?





On 3/9/23 2:44 PM, Bruce Labitt wrote:
Spoke too soon.  I am far from understanding this all, but why would 
my ISP send me mail that failed the following tests?
dmarc, spf or dkim?  The latest spam I received failed _all_ three 
tests.


It appears not everyone is consistent with using this stuff, I found 
an email from South West Airlines that apparently doesn't use dmarc, 
but at least it passed spf and dkim.  What a mess.


I tried to send this email and it was blocked when I included the 
dmarc text.


On 3/9/23 11:49 AM, Bruce Labitt wrote:

Crossing fingers, my spam storm has paused.  No spam since 3:27 EST
yesterday.

Cleaned out tons of old spam off my phone, which was tedious.  Found
some misclassified spam that were legitimate emails, like from
attorneys and banks, that I never received.  Loads of stock tips, scams,
assorted pharmaceuticals, and of course, invitations to honeypots of the
female persuasion.  Some were quite amusing.

Need to get back to the email spam storm on my wife's account now.
Not sure if one of her groups she belongs to was compromised and her email
account sold to spammers or not. Seems like it.

My kids, both on different ISP's had no increase in spam in the past
week.  I asked them last night, trying to figure out if this was a local
thing, or more widespread.  Guess it was local, or their ISP's were
more on the ball.



On 3/8/23 5:59 PM, Bruce Labitt wrote:

I think that something has been going on for a bit now.

However, I did go through some ancient spam emails (don't ask me why
they were still around, I plumb forgot they were accumulating) and found
quite a few of them posing as family members and people I knew, but were
not legitimate.  Examining the headers showed they were trying to fool
me.  All of them wanted me to click on some link - hoping to do some
nefarious thing or another to me.  Many were from RU.

Oh, I have been using the filters!  I have filtered every domain ending
in xyz, .store and a few others.  It's not as easy to filter against
yourself...

Is it better to have these messages go to junk, or direct to trash?
Using Thunderbird if that matters.


On 3/8/23 5:22 PM, Ronald Smith wrote:

Hi all,

There is a coordinated attack happening right now on many forms of 
communication; email, social media, everything -- someone doesn't want people 
communicating right now. The increase in spam is just part of it.

Emails that I've sent to gmail have been bounced, maybe because gmail has 
tightened their filters, maybe it's a false flag. I'm not sure and I'm not 
going to waste my time tracking it down right now. If someone wants to reach me, 
they can just call me on the phone.

To the guy who said you should block all the IP's in the header -- that's 
ABSOLUTELY WRONG! Whoever has launched this attack wants folks to do that -- 
they want folks to block stuff to further limit communication. Don't do that!

You can only trust the top "Received" notice in your email header. SMTP servers are 
supposed to tack on their info to the top of the message and send it along to the next server, but 
spammers or provocateurs will often falsify the tracking info below the most recent 
"Received" line, so you should just ignore that.

Just put up with the spam for now; don't over-react. Your email 

Re: Email & Spam

2023-03-10 Thread Bruce Dawson
Essentially, no - all email headers are spoofable except the ones put on 
by your server. Your server should insert a Received-by header that 
indicates who sent that message to you.


You can "generally" trust headers put on by the likes of Google (because 
your server can get the IP address of the server that connected to you) 
and Google IP addresses are moderately static. However, this is not 
always the case.


--Bruce

On 3/10/23 12:43, Bruce Labitt wrote:
In email headers, are there any fields which are not spoof-able?  Or 
is email simply a morass that is totally unsolvable and broken?  
Simply impossible to filter spam?  Now I am getting spam that is 
passing all the dmarc, spf, and dkim checks.  Volume is relatively low 
at the moment, 6 in 12 hours, but I am sure the bad guys are working 
on increasing the volume.


In particular, is

X-Origin-Country reliable?  Or is this data field unsuitable for 
filtering as well?


Are there any mail client pre-filtering packages that can be added?  
Or is this a game best left to?





On 3/9/23 2:44 PM, Bruce Labitt wrote:
Spoke too soon.  I am far from understanding this all, but why would 
my ISP send me mail that failed the following tests?
dmarc, spf or dkim?  The latest spam I received failed _all_ three 
tests.


It appears not everyone is consistent with using this stuff, I found 
an email from South West Airlines that apparently doesn't use dmarc, 
but at least it passed spf and dkim.  What a mess.


I tried to send this email and it was blocked when I included the 
dmarc text.


On 3/9/23 11:49 AM, Bruce Labitt wrote:

Crossing fingers, my spam storm has paused.  No spam since 3:27 EST
yesterday.

Cleaned out tons of old spam off my phone, which was tedious.  Found
some misclassified spam that were legitimate emails, like from
attorneys and banks, that I never received.  Loads of stock tips, scams,
assorted pharmaceuticals, and of course, invitations to honeypots of the
female persuasion.  Some were quite amusing.

Need to get back to the email spam storm on my wife's account now.
Not sure if one of her groups she belongs to was compromised and her email
account sold to spammers or not. Seems like it.

My kids, both on different ISP's had no increase in spam in the past
week.  I asked them last night, trying to figure out if this was a local
thing, or more widespread.  Guess it was local, or their ISP's were
more on the ball.



On 3/8/23 5:59 PM, Bruce Labitt wrote:

I think that something has been going on for a bit now.

However, I did go through some ancient spam emails (don't ask me why
they were still around, I plumb forgot they were accumulating) and found
quite a few of them posing as family members and people I knew, but were
not legitimate.  Examining the headers showed they were trying to fool
me.  All of them wanted me to click on some link - hoping to do some
nefarious thing or another to me.  Many were from RU.

Oh, I have been using the filters!  I have filtered every domain ending
in xyz, .store and a few others.  It's not as easy to filter against
yourself...

Is it better to have these messages go to junk, or direct to trash?
Using Thunderbird if that matters.


On 3/8/23 5:22 PM, Ronald Smith wrote:

Hi all,

There is a coordinated attack happening right now on many forms of 
communication; email, social media, everything -- someone doesn't want people 
communicating right now. The increase in spam is just part of it.

Emails that I've sent to gmail have been bounced, maybe because gmail has 
tightened their filters, maybe it's a false flag. I'm not sure and I'm not 
going to waste my time tracking it down right now. If someone wants to reach me, 
they can just call me on the phone.

To the guy who said you should block all the IP's in the header -- that's 
ABSOLUTELY WRONG! Whoever has launched this attack wants folks to do that -- 
they want folks to block stuff to further limit communication. Don't do that!

You can only trust the top "Received" notice in your email header. SMTP servers are 
supposed to tack on their info to the top of the message and send it along to the next server, but 
spammers or provocateurs will often falsify the tracking info below the most recent 
"Received" line, so you should just ignore that.

Just put up with the spam for now; don't over-react. Your email providers will 
know how to handle this if they have enough experience. Use the filters in your 
client if you need to.

Have fun...

Ronald Smith
r...@mrt4.com
603-360-1000

- - - -

On Wed, 8 Mar 2023 13:31:56 -0500
Bruce Labitt  wrote:


Seems to be an uptick in spam received lately.  Doesn't seem that my ISP
is on top of it.  In the past 48 hours have received at least three
dozen spams from similar parties.  Many seem to be coming from *.store
domains.  I haven't knowingly ever visited one of these domains.

I don't think I want to run my own email server - mostly because 1) I
really don't know how to set one up, and 2) it sounds like a bit 

Re: Email & Spam

2023-03-10 Thread Bruce Labitt
Found dnschecker.org  As suspected, most of these stupid spams are 
coming from Moscow. Today's stupid pillow spam ad analyzed:


Email Source Ip Info
Source IP Address     194.87.244.234
Source IP Hostname     194.87.244.234
Country     Russia
State     Moscow
City     Moscow (Vostochnyy administrativnyy okrug)
Zip Code     null
Latitude     55.8106
Longitude     37.8166
ISP     JSC "RetnNet"
Organization     JSC "RetnNet"
Threat Level     low


Tracing the location (probably not accurate) gives me a location right 
next to the "State Kremlin Palace".

55.752199,37.6155

Yeah, that sounds benign...  So is this normal, or should I contact the FBI?







On 3/10/23 12:43 PM, Bruce Labitt wrote:
In email headers, are there any fields which are not spoof-able?  Or 
is email simply a morass that is totally unsolvable and broken?  
Simply impossible to filter spam?  Now I am getting spam that is 
passing all the dmarc, spf, and dkim checks.  Volume is relatively low 
at the moment, 6 in 12 hours, but I am sure the bad guys are working 
on increasing the volume.


In particular, is

X-Origin-Country reliable?  Or is this data field unsuitable for 
filtering as well?


Are there any mail client pre-filtering packages that can be added?  
Or is this a game best left to?





On 3/9/23 2:44 PM, Bruce Labitt wrote:
Spoke too soon.  I am far from understanding this all, but why would 
my ISP send me mail that failed the following tests?
dmarc, spf or dkim?  The latest spam I received failed _all_ three 
tests.


It appears not everyone is consistent with using this stuff, I found 
an email from South West Airlines that apparently doesn't use dmarc, 
but at least it passed spf and dkim.  What a mess.


I tried to send this email and it was blocked when I included the 
dmarc text.


On 3/9/23 11:49 AM, Bruce Labitt wrote:

Crossing fingers, my spam storm has paused.  No spam since 3:27 EST
yesterday.

Cleaned out tons of old spam off my phone, which was tedious.  Found
some misclassified spam that were legitimate emails, like from
attorneys and banks, that I never received.  Loads of stock tips, scams,
assorted pharmaceuticals, and of course, invitations to honeypots of the
female persuasion.  Some were quite amusing.

Need to get back to the email spam storm on my wife's account now.
Not sure if one of her groups she belongs to was compromised and her email
account sold to spammers or not. Seems like it.

My kids, both on different ISP's had no increase in spam in the past
week.  I asked them last night, trying to figure out if this was a local
thing, or more widespread.  Guess it was local, or their ISP's were
more on the ball.



On 3/8/23 5:59 PM, Bruce Labitt wrote:

I think that something has been going on for a bit now.

However, I did go through some ancient spam emails (don't ask me why
they were still around, I plumb forgot they were accumulating) 

Re: Email & Spam

2023-03-10 Thread Bruce Labitt
In email headers, are there any fields which are not spoof-able?  Or is 
email simply a morass that is totally unsolvable and broken?  Simply 
impossible to filter spam? Now I am getting spam that is passing all the 
dmarc, spf, and dkim checks.  Volume is relatively low at the moment, 6 
in 12 hours, but I am sure the bad guys are working on increasing the 
volume.


In particular, is

X-Origin-Country reliable?  Or is this data field unsuitable for 
filtering as well?


Are there any mail client pre-filtering packages that can be added?  Or 
is this a game best left to?





On 3/9/23 2:44 PM, Bruce Labitt wrote:
Spoke too soon.  I am far from understanding this all, but why would 
my ISP send me mail that failed the following tests?

dmarc, spf or dkim?  The latest spam I received failed _all_ three tests.

It appears not everyone is consistent with using this stuff, I found 
an email from South West Airlines that apparently doesn't use dmarc, 
but at least it passed spf and dkim.  What a mess.


I tried to send this email and it was blocked when I included the 
dmarc text.


On 3/9/23 11:49 AM, Bruce Labitt wrote:

Crossing fingers, my spam storm has paused.  No spam since 3:27 EST
yesterday.

Cleaned out tons of old spam off my phone, which was tedious.  Found
some misclassified spam that were legitimate emails, like from
attorneys and banks, that I never received.  Loads of stock tips, scams,
assorted pharmaceuticals, and of course, invitations to honeypots of the
female persuasion.  Some were quite amusing.

Need to get back to the email spam storm on my wife's account now.
Not sure if one of her groups she belongs to was compromised and her email
account sold to spammers or not. Seems like it.

My kids, both on different ISP's had no increase in spam in the past
week.  I asked them last night, trying to figure out if this was a local
thing, or more widespread.  Guess it was local, or their ISP's were
more on the ball.



On 3/8/23 5:59 PM, Bruce Labitt wrote:

I think that something has been going on for a bit now.

However, I did go through some ancient spam emails (don't ask me why
they were still around, I plumb forgot they were accumulating) and found
quite a few of them posing as family members and people I knew, but were
not legitimate.  Examining the headers showed they were trying to fool
me.  All of them wanted me to click on some link - hoping to do some
nefarious thing or another to me.  Many were from RU.

Oh, I have been using the filters!  I have filtered every domain ending
in xyz, .store and a few others.  It's not as easy to filter against
yourself...

Is it better to have these messages go to junk, or direct to trash?
Using Thunderbird if that matters.


On 3/8/23 5:22 PM, Ronald Smith wrote:

Hi all,

There is a coordinated attack happening right now on many forms of 
communication; email, social media, everything -- someone doesn't want people 
communicating right now. The increase in spam is just part of it.

Emails that I've sent to gmail have been bounced, maybe because gmail has 
tightened their filters, maybe it's a false flag. I'm not sure and I'm not 
going to waste my time tracking it down right now. If someone wants to reach me, 
they can just call me on the phone.

To the guy who said you should block all the IP's in the header -- that's 
ABSOLUTELY WRONG! Whoever has launched this attack wants folks to do that -- 
they want folks to block stuff to further limit communication. Don't do that!

You can only trust the top "Received" notice in your email header. SMTP servers are 
supposed to tack on their info to the top of the message and send it along to the next server, but 
spammers or provocateurs will often falsify the tracking info below the most recent 
"Received" line, so you should just ignore that.

Just put up with the spam for now; don't over-react. Your email providers will 
know how to handle this if they have enough experience. Use the filters in your 
client if you need to.

Have fun...

Ronald Smith
r...@mrt4.com
603-360-1000

- - - -

On Wed, 8 Mar 2023 13:31:56 -0500
Bruce Labitt  wrote:


Seems to be an uptick in spam received lately.  Doesn't seem that my ISP
is on top of it.  In the past 48 hours have received at least three
dozen spams from similar parties.  Many seem to be coming from *.store
domains.  I haven't knowingly ever visited one of these domains.

I don't think I want to run my own email server - mostly because 1) I
really don't know how to set one up, and 2) it sounds like a bit of work
to maintain.  Of course, I could be wrong, which is why I am asking.

I did a whois, and due to privacy cr*p, there's no longer a way to get
to the registrants.  I can see why this might be, but it does make it
harder to report people.  I did report a couple of domains as spammers
to godaddy, since I *think* they were the registrar.  This really
doesn't seem kosher to me, since godaddy gets revenue from the
spammers.  I also reported a domain or two to my 

Re: Email & Spam

2023-03-09 Thread Bruce Labitt
Spoke too soon.  I am far from understanding this all, but why would my 
ISP send me mail that failed the following tests?

dmarc, spf or dkim?  The latest spam I received failed _all_ three tests.

It appears not everyone is consistent with using this stuff, I found an 
email from South West Airlines that apparently doesn't use dmarc, but at 
least it passed spf and dkim.  What a mess.


I tried to send this email and it was blocked when I included the dmarc 
text.


On 3/9/23 11:49 AM, Bruce Labitt wrote:

Crossing fingers, my spam storm has paused.  No spam since 3:27 EST
yesterday.

Cleaned out tons of old spam off my phone, which was tedious.  Found
some misclassified spam that were legitimate emails, like from
attorneys and banks, that I never received.  Loads of stock tips, scams,
assorted pharmaceuticals, and of course, invitations to honeypots of the
female persuasion.  Some were quite amusing.

Need to get back to the email spam storm on my wife's account now.
Not sure if one of her groups she belongs to was compromised and her email
account sold to spammers or not. Seems like it.

My kids, both on different ISP's had no increase in spam in the past
week.  I asked them last night, trying to figure out if this was a local
thing, or more widespread.  Guess it was local, or their ISP's were
more on the ball.



On 3/8/23 5:59 PM, Bruce Labitt wrote:

I think that something has been going on for a bit now.

However, I did go through some ancient spam emails (don't ask me why
they were still around, I plumb forgot they were accumulating) and found
quite a few of them posing as family members and people I knew, but were
not legitimate.  Examining the headers showed they were trying to fool
me.  All of them wanted me to click on some link - hoping to do some
nefarious thing or another to me.  Many were from RU.

Oh, I have been using the filters!  I have filtered every domain ending
in xyz, .store and a few others.  It's not as easy to filter against
yourself...

Is it better to have these messages go to junk, or direct to trash?
Using Thunderbird if that matters.


On 3/8/23 5:22 PM, Ronald Smith wrote:

Hi all,

There is a coordinated attack happening right now on many forms of 
communication; email, social media, everything -- someone doesn't want people 
communicating right now. The increase in spam is just part of it.

Emails that I've sent to gmail have been bounced, maybe because gmail has 
tightened their filters, maybe it's a false flag. I'm not sure and I'm not 
going to waste my time tracking it down right now. If someone wants to reach me, 
they can just call me on the phone.

To the guy who said you should block all the IP's in the header -- that's 
ABSOLUTELY WRONG! Whoever has launched this attack wants folks to do that -- 
they want folks to block stuff to further limit communication. Don't do that!

You can only trust the top "Received" notice in your email header. SMTP servers are 
supposed to tack on their info to the top of the message and send it along to the next server, but 
spammers or provocateurs will often falsify the tracking info below the most recent 
"Received" line, so you should just ignore that.

Just put up with the spam for now; don't over-react. Your email providers will 
know how to handle this if they have enough experience. Use the filters in your 
client if you need to.

Have fun...

Ronald Smith
r...@mrt4.com
603-360-1000

- - - -

On Wed, 8 Mar 2023 13:31:56 -0500
Bruce Labitt  wrote:


Seems to be an uptick in spam received lately.  Doesn't seem that my ISP
is on top of it.  In the past 48 hours have received at least three
dozen spams from similar parties.  Many seem to be coming from *.store
domains.  I haven't knowingly ever visited one of these domains.

I don't think I want to run my own email server - mostly because 1) I
really don't know how to set one up, and 2) it sounds like a bit of work
to maintain.  Of course, I could be wrong, which is why I am asking.

I did a whois, and due to privacy cr*p, there's no longer a way to get
to the registrants.  I can see why this might be, but it does make it
harder to report people.  I did report a couple of domains as spammers
to godaddy, since I *think* they were the registrar.  This really
doesn't seem kosher to me, since godaddy gets revenue from the
spammers.  I also reported a domain or two to my ISP.  Things have
slightly slowed down, but I am not holding my breath.

In my wife's case, one or more of her acquaintances (with Windows
computers?) have had their accounts compromised or information stolen,
and she has been super subscribed to what seems like dozens and dozens
of spamming lists.  Her spam folder on her phone receives many hundreds
of emails a day - it's really out of control.  How can we get out of
this mess?

Anyways, are there any practical ways to get a better handle on this?
Looking for some ideas.  Thanks for any and all suggestions.  I hope
this would be a topic of interest to others on this 

Re: Email & Spam

2023-03-09 Thread Bruce Labitt
Crossing fingers, my spam storm has paused.  No spam since 3:27 EST 
yesterday.

Cleaned out tons of old spam off my phone, which was tedious.  Found 
some misclassified spam that were legitimate emails, like from 
attorneys and banks, that I never received.  Loads of stock tips, scams, 
assorted pharmaceuticals, and of course, invitations to honeypots of the 
female persuasion.  Some were quite amusing.

Need to get back to the email spam storm on my wife's account now.
Not sure if one of her groups she belongs to was compromised and her email 
account sold to spammers or not. Seems like it.

My kids, both on different ISP's had no increase in spam in the past 
week.  I asked them last night, trying to figure out if this was a local 
thing, or more widespread.  Guess it was local, or their ISP's were 
more on the ball.



On 3/8/23 5:59 PM, Bruce Labitt wrote:
> I think that something has been going on for a bit now.
>
> However, I did go through some ancient spam emails (don't ask me why
> they were still around, I plumb forgot they were accumulating) and found
> quite a few of them posing as family members and people I knew, but were
> not legitimate.  Examining the headers showed they were trying to fool
> me.  All of them wanted me to click on some link - hoping to do some
> nefarious thing or another to me.  Many were from RU.
>
> Oh, I have been using the filters!  I have filtered every domain ending
> in xyz, .store and a few others.  It's not as easy to filter against
> yourself...
>
> Is it better to have these messages go to junk, or direct to trash?
> Using Thunderbird if that matters.
>
>
> On 3/8/23 5:22 PM, Ronald Smith wrote:
>> Hi all,
>>
>> There is a coordinated attack happening right now on many forms of 
>> communication; email, social media, everything -- someone doesn't want 
>> people communicating right now. The increase in spam is just part of it.
>>
>> Emails that I've sent to gmail have been bounced, maybe because gmail has 
>> tightened their filters, maybe it's a false flag. I'm not sure and I'm not 
>> going to waste my time tracking it down right now. If someone wants to reach 
>> me, they can just call me on the phone.
>>
>> To the guy who said you should block all the IP's in the header -- that's 
>> ABSOLUTELY WRONG! Whoever has launched this attack wants folks to do that -- 
>> they want folks to block stuff to further limit communication. Don't do that!
>>
>> You can only trust the top "Received" notice in your email header. SMTP 
>> servers are supposed to tack on their info to the top of the message and 
>> send it along to the next server, but spammers or provocateurs will often 
>> falsify the tracking info below the most recent "Received" line, so you 
>> should just ignore that.
>>
>> Just put up with the spam for now; don't over-react. Your email providers 
>> will know how to handle this if they have enough experience. Use the filters 
>> in your client if you need to.
>>
>> Have fun...
>>
>> Ronald Smith
>> r...@mrt4.com
>> 603-360-1000
>>
>> - - - -
>>
>> On Wed, 8 Mar 2023 13:31:56 -0500
>> Bruce Labitt  wrote:
>>
>>> Seems to be an uptick in spam received lately.  Doesn't seem that my ISP
>>> is on top of it.  In the past 48 hours have received at least three
>>> dozen spams from similar parties.  Many seem to be coming from *.store
>>> domains.  I haven't knowingly ever visited one of these domains.
>>>
>>> I don't think I want to run my own email server - mostly because 1) I
>>> really don't know how to set one up, and 2) it sounds like a bit of work
>>> to maintain.  Of course, I could be wrong, which is why I am asking.
>>>
>>> I did a whois, and due to privacy cr*p, there's no longer a way to get
>>> to the registrants.  I can see why this might be, but it does make it
>>> harder to report people.  I did report a couple of domains as spammers
>>> to godaddy, since I *think* they were the registrar.  This really
>>> doesn't seem kosher to me, since godaddy gets revenue from the
>>> spammers.  I also reported a domain or two to my ISP.  Things have
>>> slightly slowed down, but I am not holding my breath.
>>>
>>> In my wife's case, one or more of her acquaintances (with Windows
>>> computers?) have had their accounts compromised or information stolen,
>>> and she has been super subscribed to what seems like dozens and dozens
>>> of spamming lists.  Her spam folder on her phone receives many hundreds
>>> of emails a day - it's really out of control.  How can we get out of
>>> this mess?
>>>
>>> Anyways, are there any practical ways to get a better handle on this?
>>> Looking for some ideas.  Thanks for any and all suggestions.  I hope
>>> this would be a topic of interest to others on this list.  If for no
>>> other reason to share what worked and what didn't.
>>>
>
> 

Re: Email & Spam

2023-03-08 Thread Bruce Labitt
I think that something has been going on for a bit now.

However, I did go through some ancient spam emails (don't ask me why 
they were still around, I plumb forgot they were accumulating) and found 
quite a few of them posing as family members and people I knew, but were 
not legitimate.  Examining the headers showed they were trying to fool 
me.  All of them wanted me to click on some link - hoping to do some 
nefarious thing or another to me.  Many were from RU.

Oh, I have been using the filters!  I have filtered every domain ending 
in xyz, .store and a few others.  It's not as easy to filter against 
yourself...

Is it better to have these messages go to junk, or direct to trash?  
Using Thunderbird if that matters.


On 3/8/23 5:22 PM, Ronald Smith wrote:
> Hi all,
>
> There is a coordinated attack happening right now on many forms of 
> communication; email, social media, everything -- someone doesn't want people 
> communicating right now. The increase in spam is just part of it.
>
> Emails that I've sent to gmail have been bounced, maybe because gmail has 
> tightened their filters, maybe it's a false flag. I'm not sure and I'm not 
> going to waste my time tracking it down right now. If someone wants to reach me, 
> they can just call me on the phone.
>
> To the guy who said you should block all the IP's in the header -- that's 
> ABSOLUTELY WRONG! Whoever has launched this attack wants folks to do that -- 
> they want folks to block stuff to further limit communication. Don't do that!
>
> You can only trust the top "Received" notice in your email header. SMTP 
> servers are supposed to tack on their info to the top of the message and send 
> it along to the next server, but spammers or provocateurs will often falsify 
> the tracking info below the most recent "Received" line, so you should just 
> ignore that.
>
> Just put up with the spam for now; don't over-react. Your email providers 
> will know how to handle this if they have enough experience. Use the filters 
> in your client if you need to.
>
> Have fun...
>
> Ronald Smith
> r...@mrt4.com
> 603-360-1000
>
> - - - -
>
> On Wed, 8 Mar 2023 13:31:56 -0500
> Bruce Labitt  wrote:
>
>> Seems to be an uptick in spam received lately.  Doesn't seem that my ISP
>> is on top of it.  In the past 48 hours have received at least three
>> dozen spams from similar parties.  Many seem to be coming from *.store
>> domains.  I haven't knowingly ever visited one of these domains.
>>
>> I don't think I want to run my own email server - mostly because 1) I
>> really don't know how to set one up, and 2) it sounds like a bit of work
>> to maintain.  Of course, I could be wrong, which is why I am asking.
>>
>> I did a whois, and due to privacy cr*p, there's no longer a way to get
>> to the registrants.  I can see why this might be, but it does make it
>> harder to report people.  I did report a couple of domains as spammers
>> to godaddy, since I *think* they were the registrar.  This really
>> doesn't seem kosher to me, since godaddy gets revenue from the
>> spammers.  I also reported a domain or two to my ISP.  Things have
>> slightly slowed down, but I am not holding my breath.
>>
>> In my wife's case, one or more of her acquaintances (with Windows
>> computers?) have had their accounts compromised or information stolen,
>> and she has been super subscribed to what seems like dozens and dozens
>> of spamming lists.  Her spam folder on her phone receives many hundreds
>> of emails a day - it's really out of control.  How can we get out of
>> this mess?
>>
>> Anyways, are there any practical ways to get a better handle on this?
>> Looking for some ideas.  Thanks for any and all suggestions.  I hope
>> this would be a topic of interest to others on this list.  If for no
>> other reason to share what worked and what didn't.
>>




Re: Email & Spam

2023-03-08 Thread Bryan Borsa
I said report the IP’s not block.

I don’t see anywhere where blocking IP’s was mentioned by anyone.

 - Bryan



> On Mar 8, 2023, at 5:22 PM, Ronald Smith  wrote:
> 
> Hi all,
> 
> There is a coordinated attack happening right now on many forms of 
> communication; email, social media, everything -- someone doesn't want people 
> communicating right now. The increase in spam is just part of it.
> 
> Emails that I've sent to gmail have been bounced, maybe because gmail has 
> tightened their filters, maybe it's a false flag. I'm not sure and I'm not 
> going to waste my time tracking it down right now. If someone wants to reach me, 
> they can just call me on the phone.
> 
> To the guy who said you should block all the IP's in the header -- that's 
> ABSOLUTELY WRONG! Whoever has launched this attack wants folks to do that -- 
> they want folks to block stuff to further limit communication. Don't do that!
> 
> You can only trust the top "Received" notice in your email header. SMTP 
> servers are supposed to tack on their info to the top of the message and send 
> it along to the next server, but spammers or provocateurs will often falsify 
> the tracking info below the most recent "Received" line, so you should just 
> ignore that. 
> 
> Just put up with the spam for now; don't over-react. Your email providers 
> will know how to handle this if they have enough experience. Use the filters 
> in your client if you need to.
> 
> Have fun...
> 
> Ronald Smith
> r...@mrt4.com
> 603-360-1000
> 
> - - - -
> 
> On Wed, 8 Mar 2023 13:31:56 -0500
> Bruce Labitt  wrote:
> 
>> Seems to be an uptick in spam received lately.  Doesn't seem that my ISP 
>> is on top of it.  In the past 48 hours have received at least three 
>> dozen spams from similar parties.  Many seem to be coming from *.store 
>> domains.  I haven't knowingly ever visited one of these domains.
>> 
>> I don't think I want to run my own email server - mostly because 1) I 
>> really don't know how to set one up, and 2) it sounds like a bit of work 
>> to maintain.  Of course, I could be wrong, which is why I am asking.
>> 
>> I did a whois, and due to privacy cr*p, there's no longer a way to get 
>> to the registrants.  I can see why this might be, but it does make it 
>> harder to report people.  I did report a couple of domains as spammers 
>> to godaddy, since I *think* they were the registrar.  This really 
>> doesn't seem kosher to me, since godaddy gets revenue from the 
>> spammers.  I also reported a domain or two to my ISP.  Things have 
>> slightly slowed down, but I am not holding my breath.
>> 
>> In my wife's case, one or more of her acquaintances (with Windows 
>> computers?) have had their accounts compromised or information stolen, 
>> and she has been super subscribed to what seems like dozens and dozens 
>> of spamming lists.  Her spam folder on her phone receives many hundreds 
>> of emails a day - it's really out of control.  How can we get out of 
>> this mess?
>> 
>> Anyways, are there any practical ways to get a better handle on this? 
>> Looking for some ideas.  Thanks for any and all suggestions.  I hope 
>> this would be a topic of interest to others on this list.  If for no 
>> other reason to share what worked and what didn't.
>> 
> 




Re: Email & Spam

2023-03-08 Thread Ronald Smith
Hi all,

There is a coordinated attack happening right now on many forms of 
communication; email, social media, everything -- someone doesn't want people 
communicating right now. The increase in spam is just part of it.

Emails that I've sent to gmail have been bounced, maybe because gmail has 
tightened their filters, maybe it's a false flag. I'm not sure and I'm not 
going to waste my time tracking it down right now. If someone wants to reach me, 
they can just call me on the phone.

To the guy who said you should block all the IP's in the header -- that's 
ABSOLUTELY WRONG! Whoever has launched this attack wants folks to do that -- 
they want folks to block stuff to further limit communication. Don't do that!

You can only trust the top "Received" notice in your email header. SMTP servers 
are supposed to tack on their info to the top of the message and send it along 
to the next server, but spammers or provocateurs will often falsify the 
tracking info below the most recent "Received" line, so you should just ignore 
that. 

Just put up with the spam for now; don't over-react. Your email providers will 
know how to handle this if they have enough experience. Use the filters in your 
client if you need to.

Have fun...

Ronald Smith
r...@mrt4.com
603-360-1000

- - - -

On Wed, 8 Mar 2023 13:31:56 -0500
Bruce Labitt  wrote:

> Seems to be an uptick in spam received lately.  Doesn't seem that my ISP 
> is on top of it.  In the past 48 hours have received at least three 
> dozen spams from similar parties.  Many seem to be coming from *.store 
> domains.  I haven't knowingly ever visited one of these domains.
> 
> I don't think I want to run my own email server - mostly because 1) I 
> really don't know how to set one up, and 2) it sounds like a bit of work 
> to maintain.  Of course, I could be wrong, which is why I am asking.
> 
> I did a whois, and due to privacy cr*p, there's no longer a way to get 
> to the registrants.  I can see why this might be, but it does make it 
> harder to report people.  I did report a couple of domains as spammers 
> to godaddy, since I *think* they were the registrar.  This really 
> doesn't seem kosher to me, since godaddy gets revenue from the 
> spammers.  I also reported a domain or two to my ISP.  Things have 
> slightly slowed down, but I am not holding my breath.
> 
> In my wife's case, one or more of her acquaintances (with Windows 
> computers?) have had their accounts compromised or information stolen, 
> and she has been super subscribed to what seems like dozens and dozens 
> of spamming lists.  Her spam folder on her phone receives many hundreds 
> of emails a day - it's really out of control.  How can we get out of 
> this mess?
> 
> Anyways, are there any practical ways to get a better handle on this? 
> Looking for some ideas.  Thanks for any and all suggestions.  I hope 
> this would be a topic of interest to others on this list.  If for no 
> other reason to share what worked and what didn't.
> 



Re: Email & Spam

2023-03-08 Thread Bruce Labitt

Radix?  That name did not show in my $ whois output.

$ whois --version
Version 5.5.13.

Well I did send all the message source info to godaddy when I filed the 
abuse complaint.  I also sent the same info to my ISP.  There's 
practically been no change so far, just a new "sender" has arrived to 
take the previous one's place.


Apparently this is an ongoing battle. Are there any better ISP's that 
are more aggressive about taking this spam issue more seriously?  Are 
there any anti spam laws in NH, or the US?  There is the CAN-SPAM act, 
according to the FTC, but these spammers put in enough info to 
technically be close to compliance.


The fact that many of these spams are

X-Origin-Country: RU

Gives me pause.


On 3/8/23 4:24 PM, Bryan Borsa wrote:

The registry is Radix
The registrar is GoDaddy

My command line whois outputs more info than what is below ( the 
registry info for example ) , but the Registrar info is the same.


Domains By Proxy is also GoDaddy, well, owned by the same guy that 
founded it anyway, they’re connected. It is almost certain that this 
domain name was purchased from them.


To know where a spam email originated from though, you would have to 
parse the email headers, which would list the IP address of every mail 
server it went through.  Reporting those IP’s is generally more 
effective at stopping spam than reporting domain names.


There are likely automated ways of doing that, but I am not familiar 
with them.  I do know that mail server reputation is something that 
mail providers / businesses care about ( to some extent anyway, and 
some more than others ), because they get shut off if it gets too low. 
( other people won’t take their mail ).




 - Bryan








On Mar 8, 2023, at 2:06 PM, Bruce Labitt wrote:


Perhaps I am misunderstanding how to interpret the output.  This is 
one of the outputs of whois


$ whois aagyemang.store
Domain Name: AAGYEMANG.STORE
Registry Domain ID: D345146502-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com/
Updated Date: 2023-02-23T09:25:07.0Z
Creation Date: 2023-01-23T21:28:02.0Z
Registry Expiry Date: 2024-01-23T23:59:59.0Z
Registrar: Go Daddy, LLC
Registrar IANA ID: 146
Domain Status: serverTransferProhibited 
https://icann.org/epp#serverTransferProhibited
Domain Status: clientRenewProhibited 
https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited 
https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited 
https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited 
https://icann.org/epp#clientDeleteProhibited

Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of 
Record identified in this output for information on how to contact 
the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record 
identified in this output for information on how to contact the 
Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record 
identified in this output for information on how to contact the 
Registrant, Admin, or Tech contact of the queried domain name.

Name Server: NS37.DOMAINCONTROL.COM
Name Server: NS38.DOMAINCONTROL.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of 
Record identified in this output for information on how to contact 
the Registrant, Admin, or Tech contact of the queried domain name.

Registrar Abuse Contact Email: ab...@godaddy.com
Registrar Abuse Contact Phone: +1.4805058800
URL of the ICANN Whois Inaccuracy Complaint Form: 
https://www.icann.org/wicf/

>>> Last update of WHOIS database: 2023-03-08T18:40:36.0Z <<<

For more information on Whois status codes, please visit 
https://icann.org/epp


>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<

The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)

Access to the Whois and RDAP services is rate limited. For more
information, visit 
https://registrar-console.centralnic.com/pub/whois_guidance.



Registrar is godaddy.  I did contact ab...@godaddy.com.  Is there a 
more automated (scripted?) way of getting this done?  So it 

Re: Email & Spam

2023-03-08 Thread Bryan Borsa
The registry is Radix
The registrar is GoDaddy

My command line whois outputs more info than what is below ( the registry info 
for example ) , but the Registrar info is the same.

Domains By Proxy is also GoDaddy, well, owned by the same guy that founded it 
anyway, they’re connected. It is almost certain that this domain name was 
purchased from them.

To know where a spam email originated from though, you would have to parse the 
email headers, which would list the IP address of every mail server it went 
through.  Reporting those IP’s is generally more effective at stopping spam 
than reporting domain names.

There are likely automated ways of doing that, but I am not familiar with them. 
 I do know that mail server reputation is something that mail providers / 
businesses care about ( to some extent anyway, and some more than others ), 
because they get shut off if it gets too low. ( other people won’t take their 
mail ).



 - Bryan








> On Mar 8, 2023, at 2:06 PM, Bruce Labitt  wrote:
> 
> Perhaps I am misunderstanding how to interpret the output.  This is one of 
> the outputs of whois
> 
> $ whois aagyemang.store
> Domain Name: AAGYEMANG.STORE
> Registry Domain ID: D345146502-CNIC
> Registrar WHOIS Server: whois.godaddy.com
> Registrar URL: https://www.godaddy.com/
> Updated Date: 2023-02-23T09:25:07.0Z
> Creation Date: 2023-01-23T21:28:02.0Z
> Registry Expiry Date: 2024-01-23T23:59:59.0Z
> Registrar: Go Daddy, LLC
> Registrar IANA ID: 146
> Domain Status: serverTransferProhibited 
> https://icann.org/epp#serverTransferProhibited
> Domain Status: clientRenewProhibited 
> https://icann.org/epp#clientRenewProhibited
> Domain Status: clientTransferProhibited 
> https://icann.org/epp#clientTransferProhibited
> Domain Status: clientUpdateProhibited 
> https://icann.org/epp#clientUpdateProhibited
> Domain Status: clientDeleteProhibited 
> https://icann.org/epp#clientDeleteProhibited
> Registrant Organization: Domains By Proxy, LLC
> Registrant State/Province: Arizona
> Registrant Country: US
> Registrant Email: Please query the RDDS service of the Registrar of Record 
> identified in this output for information on how to contact the Registrant, 
> Admin, or Tech contact of the queried domain name.
> Admin Email: Please query the RDDS service of the Registrar of Record 
> identified in this output for information on how to contact the Registrant, 
> Admin, or Tech contact of the queried domain name.
> Tech Email: Please query the RDDS service of the Registrar of Record 
> identified in this output for information on how to contact the Registrant, 
> Admin, or Tech contact of the queried domain name.
> Name Server: NS37.DOMAINCONTROL.COM
> Name Server: NS38.DOMAINCONTROL.COM
> DNSSEC: unsigned
> Billing Email: Please query the RDDS service of the Registrar of Record 
> identified in this output for information on how to contact the 
> Registrant, Admin, or Tech contact of the queried domain name.
> Registrar Abuse Contact Email: ab...@godaddy.com 
> Registrar Abuse Contact Phone: +1.4805058800
> URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
> >>> Last update of WHOIS database: 2023-03-08T18:40:36.0Z <<<
> 
> For more information on Whois status codes, please visit https://icann.org/epp
> 
> >>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
> https://www.centralnic.com/support/rdap <<<
> 
> The Whois and RDAP services are provided by CentralNic, and contain
> information pertaining to Internet domain names registered by our
> our customers. By using this service you are agreeing (1) not to use any
> information presented here for any purpose other than determining
> ownership of domain names, (2) not to store or reproduce this data in
> any way, (3) not to use any high-volume, automated, electronic processes
> to obtain data from this service. Abuse of this service is monitored and
> actions in contravention of these terms will result in being permanently
> blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com 
> )
> 
> Access to the Whois and RDAP services is rate limited. For more
> information, visit 
> https://registrar-console.centralnic.com/pub/whois_guidance.
> 
> 
> Registrar is godaddy.  I did contact ab...@godaddy.com 
> .  Is there a more automated (scripted?) way of 
> getting this done?  So it doesn't take so much of my time?  It feels like 
> tilting at windmills, but, it would be good to fight back a little.  Domains 
> by Proxy is the intermediary - a corporation set up to "manage unsolicited 
> contacts from third parties and keeping the domains owners' personal 
> information secret".  https://en.wikipedia.org/wiki/Domains_by_Proxy
> 
> Is ab...@godaddy.com  the only (legitimate) 
> mechanism available to me?
> 
> What does the domain status above mean?  That the status is unavailable to 
> me?  Or 
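
The header parsing mentioned in the message above, combined with the rule stated elsewhere in this thread that only the "Received" line written by your own server can be trusted, as an added example that is not code from any poster in the thread. It generalizes slightly: trust runs contiguously from the top through every header stamped by a server you control, and the peer address in the lowest of those is the one worth reporting. The server name mx.myisp.example and all hostnames and addresses in the sample are constructed placeholders.

```python
import ipaddress
import re
from email import message_from_string, policy
from email.utils import parsedate_to_datetime

# Constructed sample: hostnames and addresses are placeholders (RFC 2606
# names, RFC 5737 documentation ranges). mx.myisp.example stands in for the
# reader's own receiving server (an assumption of this example).
SAMPLE = """\
Received: from relay.bulk.example (relay.bulk.example [203.0.113.45])
\tby mx.myisp.example with ESMTPS id 4PX1
\tfor <me@myisp.example>; Wed, 8 Mar 2023 13:31:50 -0500
Received: from mail.family.example (mail.family.example [192.0.2.10])
\tby relay.bulk.example with ESMTP id 77AB;
\tWed, 8 Mar 2023 13:31:40 -0500
Received: from [198.51.100.7] by mx.myisp.example with HTTP;
\tWed, 8 Mar 2023 13:31:30 -0500
From: "Aunt Carol" <carol@family.example>
To: me@myisp.example
Subject: look at this

(body omitted)
"""

_FROM = re.compile(r"^from\s+(\S+)", re.I)
_BY = re.compile(r"(?:^|\s)by\s+(\S+)", re.I)
_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def parse_received(value):
    """Split one Received header into helo name, peer IP, stamping host, time."""
    text = " ".join(str(value).split())          # undo header folding
    clauses, sep, stamp = text.rpartition(";")   # date follows the last ';'
    if not sep:
        clauses, stamp = text, ""
    by = _BY.search(clauses)
    from_part = clauses[:by.start()] if by else clauses
    helo = _FROM.match(from_part)
    ip = None
    found = _IP.search(from_part)
    if found:
        try:
            ip = str(ipaddress.ip_address(found.group(1)))
        except ValueError:
            pass                                 # bracketed text, not an address
    try:
        when = parsedate_to_datetime(stamp.strip())
    except (TypeError, ValueError):
        when = None
    return {"helo": helo.group(1) if helo else None, "ip": ip,
            "by": by.group(1).lower() if by else None, "when": when}


def trace(raw, my_servers):
    """Return (hops, handoff_ip); hops are ordered top (newest) to bottom."""
    mine = {name.lower() for name in my_servers}
    msg = message_from_string(raw, policy=policy.default)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    trusted, handoff_ip = True, None
    for hop in hops:
        # Trust is contiguous from the top. The first header not stamped by
        # one of our servers ends it, and a lower line that names our server
        # (third header in SAMPLE) is just text the sender supplied.
        trusted = trusted and hop["by"] in mine
        hop["trusted"] = trusted
        if trusted:
            handoff_ip = hop["ip"]   # peer that connected to our own server
    return hops, handoff_ip


if __name__ == "__main__":
    hops, handoff_ip = trace(SAMPLE, {"mx.myisp.example"})
    for hop in hops:
        label = "recorded by my server" if hop["trusted"] else "unverified claim"
        print(f"{label:22} by={hop['by']} from-ip={hop['ip']} at={hop['when']}")
    print("address to put in an abuse report:", handoff_ip)
```
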

Re: Email & Spam

2023-03-08 Thread Bruce Labitt
Perhaps I am misunderstanding how to interpret the output.  This is one 
of the outputs of whois


$ whois aagyemang.store
Domain Name: AAGYEMANG.STORE
Registry Domain ID: D345146502-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com/
Updated Date: 2023-02-23T09:25:07.0Z
Creation Date: 2023-01-23T21:28:02.0Z
Registry Expiry Date: 2024-01-23T23:59:59.0Z
Registrar: Go Daddy, LLC
Registrar IANA ID: 146
Domain Status: serverTransferProhibited 
https://icann.org/epp#serverTransferProhibited
Domain Status: clientRenewProhibited 
https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited 
https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited 
https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited 
https://icann.org/epp#clientDeleteProhibited

Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of 
Record identified in this output for information on how to contact the 
Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record 
identified in this output for information on how to contact the 
Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record 
identified in this output for information on how to contact the 
Registrant, Admin, or Tech contact of the queried domain name.

Name Server: NS37.DOMAINCONTROL.COM
Name Server: NS38.DOMAINCONTROL.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record 
identified in this output for information on how to contact the 
Registrant, Admin, or Tech contact of the queried domain name.

Registrar Abuse Contact Email: ab...@godaddy.com
Registrar Abuse Contact Phone: +1.4805058800
URL of the ICANN Whois Inaccuracy Complaint Form: 
https://www.icann.org/wicf/

>>> Last update of WHOIS database: 2023-03-08T18:40:36.0Z <<<

For more information on Whois status codes, please visit 
https://icann.org/epp


>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<

The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)

Access to the Whois and RDAP services is rate limited. For more
information, visit 
https://registrar-console.centralnic.com/pub/whois_guidance.



Registrar is godaddy.  I did contact ab...@godaddy.com.  Is there a more 
automated (scripted?) way of getting this done?  So it doesn't take so 
much of my time?  It feels like tilting at windmills, but, it would be 
good to fight back a little.  Domains by Proxy is the intermediary - a 
corporation set up to "manage unsolicited contacts from third parties 
and keeping the domains owners' personal information secret". 
https://en.wikipedia.org/wiki/Domains_by_Proxy


Is ab...@godaddy.com the only (legitimate) mechanism available to me?

What does the domain status above mean?  That the status is unavailable 
to me?  Or something else?





On 3/8/23 1:36 PM, Bryan Borsa wrote:
The Registry and Registrar should still be visible regardless of 
domain registrant privacy settings.




On Mar 8, 2023, at 1:31 PM, Bruce Labitt wrote:


I did a whois, and due to privacy cr*p, there's no longer a way to get
to the registrants.  I can see why this might be, but it does make it
harder to report people




Re: Email & Spam

2023-03-08 Thread Bryan Borsa
The Registry and Registrar should still be visible regardless of domain 
registrant privacy settings.



> On Mar 8, 2023, at 1:31 PM, Bruce Labitt  wrote:
> 
> I did a whois, and due to privacy cr*p, there's no longer a way to get 
> to the registrants.  I can see why this might be, but it does make it 
> harder to report people
