FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
Client Reports Flood Of Returned Spam He Did Not Send

 
Post new topic   Reply to topic    consultwebs.com Forum Index -> Consultwebs General Discussion
View previous topic :: View next topic  
Author Message
DaleTi
Site Admin


Joined: 17 Dec 2002
Posts: 224
Location: Raleigh NC
PostPosted: Sun Jul 06, 2003 1:24 pm    Post subject: Client Reports Flood Of Returned Spam He Did Not Send Reply with quote
A client reported that he had received a flood of returned Spam that he did not not send. The Spam came back to his "info" account. I explained that we have the same situation occur where spam we did not send comes back to our info@consultwebs.com or comments@ account.

I explained that anyone can put any e-mail address in the "Reply" field and have it reply to whomever. Spammers do this to prevent the floods of angry returns (rejected by anti-spam software) from coming back to their Internet Service Provider (ISP) or their account.

When anyone sets up an Outlook or Outlook Express e-mail account, questions include "From e-mail address you wish to use" and "Reply e-mail address you wish to use." If you examine the returned spam, you will notice that your address is not in either of the actual addresses of the Spam e-mails. These particular returns (the client sent two example returns) contained the addresses manchester@tekippe.com and nichabinniss@yahoo.com. However, these addresses may also be probably fake addresses or address book names. You can check the link supplied in the Spam message to see if there is a similarity. Spammers will, of course, supply a valid Web site or e-mail address in the message.

Occasionally, spammers use back-door (e.g., Trojan Horse) software to gain access to a user's unprotected (no anti-virus software installed) PC to send spam. This did not happen in this case. The info@theirdomainname.com was not a POP account. Info is typically an alias, that simply forwards e-mail. Therefore, spammers could not have sent it from their PC by piggy-backing on the virus to cause a backdoor entry. In other words, info@ was not a POP account that ccould send mail. Someone simply plugged the info@ address into the Reply field. To see if a virus is sending e-mail from your PC, review your Outbox.

We have had the client's situation happen to us. Spammers sometimes send e-mail from our aliases such as photos@consultwebs.com and comments@consultwebs.com. Their software apparently picked the name off our Web site or form and used it in the reply field.

What can you do about it? Not a lot, unfortunately. Many of the spammers are unsavory offshore or U.S. spammers who simply don't care.

1) You can use anti-spam software to report the spammer to anti-spam organizations. You should edit the reported data to include the actual spammers address rather than your own. Reporting will not help if the spammer's address is a fake, however, examination of the e-mails properties or anti-spam software can help with the identification. Anti-spam software such as Spam Inspector makes reporting an easy process. See http://www.giantcompany.com/?PID=A22522 for more info on Spam Inspector.
2) In some cases, you can set up an Outlook or Outlook Express rule to send the returns for the subject phrase to a particular folder, e.g., "quarantees_later_inspection".

We have other general anti-spam tips on our site in the form of a spamtips article http://www.consultwebs.com/spamtips.htm and this disucussion board.

We hope this helps.
_________________
Dale H. Tincher - dtincher@consultwebs.com
919-272-8052
Web Site - www.consultwebs.com
Back to top
View user's profile Send private message Send e-mail Visit poster's website
DaAngel
Guest
PostPosted: Sun Aug 03, 2003 10:24 am    Post subject: how to deal with this. Reply with quote
Think like a spammer.

Think like a reciever.

Deal with both.

Simple solution. If the users account is a general info account used to deal with outgoing and incomming email, including responders and such. The, first order of the day sould be, since the email account is being spamed is to set up a sercuity certificate. This ensures that their End user (EU) can have peace of mind.

To cut down on the influx of spam use two web based email accounts for web based promotion, and another account for other promotional concerns. On the web side use a server side driven script to deal with the spam. Ie, it only accepts email via the site and another that employes a user login script that requires a secure user id. The other promotional account can be serviced via conventional spam blocking techniques.

Hope this helps.

DaAngelŪ
http://www.north-carolina-web-deign.com
Back to top
Display posts from previous:   
Post new topic   Reply to topic    consultwebs.com Forum Index -> Consultwebs General Discussion All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group