Spam


Tintin
October 11, 2004, 02:42 AM
Till now, we used to get spam and viruses through the email address in the Profile and About page. Now it looks like spammers are sending mails as if they come from the addresses in the profile.

I usually delete them but checked the headers of one as it carried the Hotmail address of bourny:

----

X-Spam-Status: Yes, score=6.3 required=5.0 tests=BAYES_99, FORGED_HOTMAIL_RCVD2,MISSING_MIMEOLE,NO_REAL_NAME, PRIORITY_NO_NAME, RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL autolearn=no version=3.0.0
X-Spam-Report:
 * 0.0 NO_REAL_NAME From: does not include a real name
 * 1.2 FORGED_HOTMAIL_RCVD2 hotmail.com 'From' address, but no 'Received:'
 * 1.9 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
 *     [score: 0.9969]
 * 0.1 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
 *     [80.218.244.158 listed in combined.njabl.org]
 * 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
 *     [80.218.244.158 listed in dnsbl.sorbs.net]
 * 1.1 PRIORITY_NO_NAME Message has priority, but no X-Mailer/User-Agent
 * 0.0 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on cpanel.easywebbuilders.com
X-Spam-Level: ******
Message-Id: <E1CFqzN-0007KM-5g@cpanel.easywebbuilders.com>
----
Return-path: <bournie3@hotmail.com>
Envelope-to: tintin@banglacricket.com
Delivery-date: Fri, 08 Oct 2004 04:24:40 -0500

Received: from banglacr by cpanel.easywebbuilders.com with local-bsmtp (Exim 4.42) id 1CFqzN-0007KM-5g for tintin@banglacricket.com; Fri, 08 Oct 2004 04:24:40 -0500
Received: from [80.218.244.158] (helo=banglacricket.com) by cpanel.easywebbuilders.com with esmtp (Exim 4.42) id 1CFqzM-0007KI-5x for tintin@banglacricket.com; Fri, 08 Oct 2004 04:24:37 -0500


----


What is happening here? Is cpanel.easywebbuilders.com masquerading as bournie or something else?

bourny3
October 11, 2004, 05:48 AM
What, me? I don't understand what is all of that. I didn't send you any mail either. What is it?

bourny3
October 11, 2004, 05:52 AM
I can't see my name in there anywhere. Would it have come from my computer? Because the computer had viruses on it ages ago, would it have gone through that? I'm sorry for whatever that is. What does Spam mean?

Tintin
October 11, 2004, 07:51 AM
I am not at all accusing you bourny, you are completely innocent. The header clearly shows that it was forged by someone else. I can only assume he got it from your profile.

I am waiting for nasif or someone to comment on this.

It is the usual virus attachment. The complete headers look like this:

=======

Received: from mail.banglacricket.com by web20822.mail.yahoo.com with YMEXTPOP; Mon, 11 Oct 2004 00:25:03 PDT
Return-path: <bournie3@hotmail.com>
Envelope-to: tintin@banglacricket.com
Delivery-date: Fri, 08 Oct 2004 04:24:40 -0500
Received: from banglacr by cpanel.easywebbuilders.com with local-bsmtp (Exim 4.42) id 1CFqzN-0007KM-5g for tintin@banglacricket.com; Fri, 08 Oct 2004 04:24:40 -0500
Received: from [80.218.244.158] (helo=banglacricket.com) by cpanel.easywebbuilders.com with esmtp (Exim 4.42) id 1CFqzM-0007KI-5x for tintin@banglacricket.com; Fri, 08 Oct 2004 04:24:37 -0500
From: bournie3@hotmail.com
To: tintin@banglacricket.com
Subject: Important
Date: Fri, 8 Oct 2004 11:25:02 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0011_00000849.000067B9"
X-Priority: 1
X-MSMail-Priority: High
X-Spam-Status: Yes, score=6.3 required=5.0 tests=BAYES_99, FORGED_HOTMAIL_RCVD2,MISSING_MIMEOLE,NO_REAL_NAME, PRIORITY_NO_NAME, RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL autolearn=no version=3.0.0
X-Spam-Report:
 * 0.0 NO_REAL_NAME From: does not include a real name
 * 1.2 FORGED_HOTMAIL_RCVD2 hotmail.com 'From' address, but no 'Received:'
 * 1.9 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
 *     [score: 0.9969]
 * 0.1 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
 *     [80.218.244.158 listed in combined.njabl.org]
 * 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
 *     [80.218.244.158 listed in dnsbl.sorbs.net]
 * 1.1 PRIORITY_NO_NAME Message has priority, but no X-Mailer/User-Agent
 * 0.0 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on cpanel.easywebbuilders.com
X-Spam-Level: ******
Message-Id: <E1CFqzN-0007KM-5g@cpanel.easywebbuilders.com>
Content-Length: 21589

Important notice!
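
Added example (not part of the original thread): a Python reading of the Received chain quoted in the post above. It reports which host handed the message to cpanel.easywebbuilders.com, the HELO name that host announced, and whether the From: domain appears anywhere in the delivery path. The function names and the Exim-style regular expression are assumptions made for this illustration; the header values are copied from the post.

```python
import re
from email import message_from_string

# Header values copied from the post above; body and spam headers omitted.
RAW = """\
Return-path: <bournie3@hotmail.com>
Received: from banglacr by cpanel.easywebbuilders.com with local-bsmtp (Exim 4.42) id 1CFqzN-0007KM-5g for tintin@banglacricket.com; Fri, 08 Oct 2004 04:24:40 -0500
Received: from [80.218.244.158] (helo=banglacricket.com) by cpanel.easywebbuilders.com with esmtp (Exim 4.42) id 1CFqzM-0007KI-5x for tintin@banglacricket.com; Fri, 08 Oct 2004 04:24:37 -0500
From: bournie3@hotmail.com
To: tintin@banglacricket.com
Subject: Important

"""

# Exim-style hop line: "from <peer> (helo=<name>) by <host> with <protocol>"
HOP = re.compile(
    r"from\s+(?P<peer>\S+)(?:\s+\(helo=(?P<helo>[^)]+)\))?"
    r"\s+by\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)"
)

def parse_hops(msg):
    """Return Received hops, newest first, as dicts of peer/helo/by/proto."""
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # undo header folding
        if m:
            hops.append(m.groupdict())
    return hops

def domain(addr):
    return addr.rsplit("@", 1)[-1].strip("<> ").lower()

def analyse(raw):
    msg = message_from_string(raw)
    hops = parse_hops(msg)
    # Each server prepends its own Received line, so the last network hop
    # in the list is the earliest one recorded by a server we control.
    network = [h for h in hops if not h["proto"].lower().startswith("local")]
    origin = network[-1]
    from_dom = domain(msg["From"])
    seen = " ".join(f"{h['peer']} {h['helo'] or ''}" for h in hops).lower()
    return {
        "origin_ip": origin["peer"].strip("[]"),
        "helo": origin["helo"],
        "relayed_by": origin["by"],
        # Sender announced itself under the recipient's own domain name.
        "helo_is_recipient_domain": origin["helo"] == domain(msg["To"]),
        # From: domain never shows up as a sending host in the path.
        "from_domain_in_path": from_dom in seen,
    }

if __name__ == "__main__":
    for key, value in analyse(RAW).items():
        print(f"{key}: {value}")
```

The only network hop is a direct connection from 80.218.244.158 to cpanel.easywebbuilders.com, which appears solely in the "by" position as the receiving server; no hotmail.com host appears in the path.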

bourny3
October 11, 2004, 08:47 AM
Oh ok, sorry. Should I take my email out from my profile?

chinaman
October 11, 2004, 08:51 AM
One best way to fight spam, from my personal experience, is to forward all spams to uce@ftc.gov. Instead of forwarding, you can also SEND the headers giving a subject name Spam Reporting or something similar.

If you continue to do that for 2/3 weeks, you'll start seeing the lasting benefit.

For Outlook Express users, turn off that preview pane. It slows down the opening of an email a bit but is definitely worth the wait.

Mail washer and Checkmail are two programs that allow you to preview and delete the emails without downloading them from the server. You don't need these programs if you turn off the preview pane in Outlook Express.

chinaman
October 11, 2004, 08:56 AM
Originally posted by bourny3
Oh ok, sorry. Should I take my email out from my profile?

You could try tweaking a little. Instead of username@hotmail.com, use, username at hotmail dot com or something similar. Just make it harder for the spying bots.

I think Dr. Z once posted a more innovative way to publish emails. Forgot how to :(

bourny3
October 12, 2004, 03:50 AM
Yes, I just took my email out of my profile. That is the best way to go, I think.