On Sun, 11 Feb 2007, Malgorzata Wierzbowska wrote:
dear gosia,

[...]

MW> I suspect that I have a hacker on this account and that
MW> this hacker writes as amit76.india at gmail.com and/or that
MW> this person (Amit Kumar) makes "jokes" writing AT LEAST AS:
MW> amit76.india at gmail.com and jiaanyan at gmail.com

sorry, i don't think that this was a hacker targeting you directly but a 'smart' trojan software trying to infect your machines. many programs that send out spam and viruses/trojans are trying hard to bypass all kinds of spam filters and security measures and try hard to make you 'look' at something or click on something to achieve their purposes.

a simple measure to bypass (elementary) spam filters is to use addresses that are known to a user. e.g. a spammer 'harvests' addresses from a mailing list archive and then sends mails to subscribers looking as if they were sent from another subscriber of that mailing list. 'known people' are usually on a so-called whitelist and mails from them are not subjected to spam filtering. -> spammer 1, user 0

solution: use a smarter spam filter that combines multiple analysis methods and don't rely on simple heuristics or whitelists in your mail program. the downside, you need quite a long time and have to 'train' your spam filter well (i.e. you need to receive a lot of spam and non-spam mails).

to give you a number: i receive usually between 50 and 100 (valid) mails each day and about twice as much spam. after about half a year of training spamassassin, only 10% of the incoming spam is presorted into the 'maybe spam' folder (based on its spam score) the rest scores so high that it is filed to /dev/null directly. ...and in the 'maybe spam' i have so far found 3 false positives (non-spam flagged as spam) which corresponds to roughly 0.1%. -> spammer 1, user 1000. ;-)

onward to the mail not delivered message. this is another trick, usually used by viruses/trojans to infect your machine.
they create an e-mail to an address that does not exist, use your email address as sender and go via a mailserver that employs a 'store-and-forward' strategy (i.e. most incoming mail servers at larger institutions or companies). now the mail protocol (SMTP) stipulates that a sender has to be notified of non-deliverable mail. if you can send e-mail directly to a machine, this will happen during the sending, however with an incoming mail relay server, the mail is first accepted assuming it is valid and then later the mail server finds it to be not deliverable and then the protocol demands that the mail is returned to the sender. since your address was given as sending address the returned mail goes to you and not the original sender. since it contains no direct information about the contents (i.e. you cannot tell if it is due to you mistyping an address) you open it click on the contents and - bingo - your machine is infected and most likely integrated into a 'botnet' to send spam or do other nasty stuff.

you can also receive 'bounce' mails that are completely fake (i.e. sent out like regular spam).

sadly, there is little that you can do about this, since you may have to use the very same method to send out your own mails (and 'fake' your sending address, since your ip-number may be temporary, or you want to send mail from a generic address that does not correspond to an account on a machine). text mode or webmail clients are usually a lower risk since they usually do not download separate or inline attachments without asking, and of course turning on display of the full mail headers (and understanding what they mean) can help to identify this kind of junk. most of these mails are 'html enhanced', since html formatting makes it easier to hide the 'bad' parts of the mail.

the only way to securely identify who sends you an e-mail is to use PGP signatures or something else (but that is too inconvenient for most and impossible for some).

hope that clears up some matters.

ciao,
    axel

p.s.: sending mails with non-ascii characters and html-only formatting raises spam scoring immensely. so if you wonder why people do not respond to your mails, it may be that your mails get flagged (and discarded) as spam on a not so well trained spam filter...

MW> Now, I understand, and strongly support, the request of
MW> Prof. Nicola Marzari that everybody writing on pw-forum should give
MW> the REAL NAME and the REAL ADDRESS.
MW>
MW> Best regards to all serious people,
MW>
MW> Malgorzata Wierzbowska
MW> postdoc at Trieste University, Italy
MW> (on pw-forum Gosia/wierzbom at ts.infn.it)

--
=======================================================================
Axel Kohlmeyer   akohlmey at cmm.chem.upenn.edu   http://www.cmm.upenn.edu
   Center for Molecular Modeling   --   University of Pennsylvania
Department of Chemistry, 231 S.34th Street, Philadelphia, PA 19104-6323
tel: 1-215-898-1582,  fax: 1-215-573-6233,  office-tel: 1-215-898-5425
=======================================================================
If you make something idiot-proof, the universe creates a better idiot.
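
Added example, not part of the original message: a receiving-side check for the bounce trick described above, which compares the Message-ID of the mail a bounce claims to return against the Message-IDs you actually sent. The bounce text is constructed, and `sent_ids` is a hypothetical set taken from your own outbox or mail server log.

```python
import email

# Constructed sample: a bounce for a mail that claims user@example.org as its
# sender but carries a Message-ID that user's own outbox never produced.
SAMPLE_BOUNCE = b"""\
Return-Path: <>
From: MAILER-DAEMON@relay.example.net
To: user@example.org
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; relay.example.net

Final-Recipient: rfc822; nobody@example.com
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

From: user@example.org
Message-ID: <forged-123@bulk.example.invalid>
Subject: hello

click here
--b1--
"""

def classify_bounce(raw, sent_ids):
    """Return 'not-a-bounce', 'genuine', 'backscatter' or 'unverifiable'."""
    msg = email.message_from_bytes(raw)
    is_dsn = (msg.get_content_type() == "multipart/report"
              and msg.get_param("report-type") == "delivery-status")
    null_sender = msg.get("Return-Path", "").strip() == "<>"
    if not (is_dsn or null_sender):
        return "not-a-bounce"
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            original = part.get_payload(0)   # the mail being "returned"
            mid = (original.get("Message-ID") or "").strip()
            if not mid:
                return "unverifiable"
            # sent_ids (assumption): Message-IDs logged by your own client/MTA
            return "genuine" if mid in sent_ids else "backscatter"
    return "unverifiable"   # no returned original to compare against
```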
