Home About Buy online Blog Archives Newsletters Subscribe Contact

[godofthedevil]

ive tried emailing isps before but the trouble is that some ips are from places that dont speak or understand english for they know or care your offering them a naked woman and to assissinate their leader and help the freedom fighters.

the spam for software i get is in my yahoo box and it says what is 0em (zero em) and whats it about from about 20 diffrent email addresses. but if i took the time to look at the headers they would come more or less from the same geographic locatation

[TheDoctor]

Some that bother me are ones sent to hxxxxxxx@blueyonder.co.uk
where xxxxxxx is a nonsense string, eg ham3fxdy, but still gets to my email address (hxxxxxx2@blueyonder.co.uk, name changed to protect the guilty)

That's because they put your actual address (and those of other victms) in the BCC: field.

BTW I've got SpamBayes running and, while I get a lot of spam to my PC, I hardly ever see any of it. A marvellous product and much better than letting some third party decide what I can or can't receive.

[CJLL]

Some that bother me are ones sent to hxxxxxxx@blueyonder.co.uk
where xxxxxxx is a nonsense string, eg ham3fxdy, but still gets to my email address (hxxxxxx2@blueyonder.co.uk, name changed to protect the guilty)

That's because they put your actual address (and those of other victms) in the BCC: field.

Nope, this is because the actual receipients and the headers you see in your e-mail client are set differently.

This is an example of a SMTP conversation with sendmail:

Code: Select all

 telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 localhost.localdomain ESMTP Sendmail 8.13.4/8.13.4/Debian-3sarge1; Tue, 28 Mar 2006 18:46:07 +0100; (No UCE/UBE) logging access from: localhost.localdomain(OK)-localhost.localdomain [127.0.0.1]
HELO localhost


first of all, introduce yourself using the HELO command

Code: Select all

250 localhost.localdomain Hello localhost.localdomain [127.0.0.1], pleased to meet you
MAIL FROM: test@localhost


Then tell the MTA who you really are. Ok spammers lie at this stage, but a well configured mail server will check that the domain exists.

Code: Select all

250 2.1.0 test@localhost... Sender ok
RCPT TO: cjll@localhost
250 2.1.5 cjll@localhost... Recipient ok


Now tell it, who you are sending it to using RCPT TO. You can do a whole bunch of e-mail addresses here.

Next comes the information that your mail client will actually look at, after the data command:

Code: Select all

DATA
354 Enter mail, end with "." on a line by itself
To: Fred Bloggs <freedy@bloggs.com>
From: Leet Haxor <leet@example.com>
Subject: This is fun


The MTA will add some data about the route the mail message has taken to be delivered, but usually most of the info will be untrustworthy.

Your mail client will treat everything before Subject: as a header, so you add as many wierd and wonderful headers as you like. The MTA doesn't care.

Code: Select all

Hi

This haxoring is fun!

.
250 2.0.0 k2SHk7m8005877 Message accepted for delivery
QUIT
221 2.0.0 localhost.localdomain closing connection
Connection closed by foreign host.


Finally, send a full stop on it's own to indicate that the message is finished and say goodbye.

[TheDoctor]

CJLL, that's interesting. It explains some puzzles I've had about the headers in spam I've received. They've not made sense, and your explanation shows how this can happen.

Of course, our explanations are not mutually exclusive, although I can see how a serious spammer could cover his/her tracks much more thoroughly by your method.

[nelz]

Limnits on the lengths of headers mean Bcc: can only be used to send to a fairly small number of addresses, whereas listing then in the SMTP envelope is limited only by the mail server (some have limits to prevent their being used for spam). Spam is basically mailing lists without you needing to take the trouble to subscribe, the same distribution methods are used for both.

[TheDoctor]

Spam is basically mailing lists without you needing to take the trouble to subscribe

lol

Like being mugged is basically a money transfer without you needing to contact your bank...

[nelz]

The techniques used are somewhat different in that case. Try replying to a few phishing mails for a more compatible form of mugging...

[CJLL]

Limnits on the lengths of headers mean Bcc: can only be used to send to a fairly small number of addresses, whereas listing then in the SMTP envelope is limited only by the mail server (some have limits to prevent their being used for spam).

BCC is an e-mail client convenience, and not a SMTP feature. Your e-mail client still issues a RCPT TO: command regardless of whether the address is in the To: Cc: or Bcc: header.

It it up to the receiving mail server or client to be discrete and remove the other recepients. Not all of them do, so be aware.

[nelz]

I know, I was merely pointing out why it is not suitable for sending out mass mailings.

[Blåtann]

I may flag something aready written in this thread but has anyone mentioned viruses?
As a lot of modern viruses is designed to make zobies out of pc´s so that they can be abused by some hacker.

I once read something on the net about a hacker renting out hes botnet of about 100.000 pc´s (zombies) for about $100.-/hour
A spammer will gladly pay to use these machines as a cluster of spam machines.

Thereby there is actualy a risk sending an email to a friend with a possible vulnerable machine.
If the machine is compromised your message may be picked up and inkluded in a spammers list.

Acording to "How stuff works" the mail lists is sold on cd´s as "spam free" addresses, that is people that have agreed to receive spam(!)

It does not matter how good you hide your address, the virus or spyware compromised pc´s of your friends will give it away.

Viruses or spyware often runs it´s own smpt server and may send messages in the background.
Thereby, neither IP or the senders address is caracteristic of a spam message.