shop-talk

Re: Computer Question -- Spoofed e-mails

To: shop-talk@autox.team.net
Subject: Re: Computer Question -- Spoofed e-mails
From: ericm@lne.com
Date: Sat, 3 Feb 2007 17:07:03 -0800

On Sat, Feb 03, 2007 at 07:39:46PM -0500, Matt Trebelhorn wrote:
> 
> I'm pretty sure it's not our personal machines being "zombied" as you  
> call it -- we both use macs, we use completely different e-mail  
> mechanisms (POP3 vs. webmail), the addresses that send the mail are  
> not addresses we use, and the recipients from whom we get bounced  
> messages are not in our address books.


Spam zombies send spam to the email addresses they are told to
by their master, who has a big list of addresses to spam.  

You're thinking of mail-based worms, which use the address book of
the accounts they compromise to spread to other accounts.

I don't think there's been any zombies that take over macs
so you're probably ok there.


Spammers have been putting other people's addresses as the "From:"
address on spam for 10 years now.  They do it to evade some anti-spam
measures that verify that the sender is a valid account.

They also do it as a way to spam the "From:" account since bounce
messages often aren't subject to the same anti-spam measures
as regular mail.  The victim looks at the bounce message
and then looks at the spam it contains.

Those are crafted to pass the normal things done to messages
that bounce (they're usually truncated and wrapped in a layer of MIME
encoding).

I suspect that in your case it's the former, and your accounts have
gotten on a spammer's list of valid accounts to use as From addresses.
Sucks, doesn't it?  There's nothing your name registrar can do.  
You may be able to get mailix.net, your mail host, to use better spam
recognition software, or you or they can change settings on what's 
already in place.

 
> We do get a lot of these messages -- 50-100 a day, each, maybe?  We  
> use these accounts for everything, including professional  
> correspondence.

Until recently I handled all the anti-spam measures for our
domain.  Just me and my wife.  We rejected something like 40,000 spams
a week.  We have both been using the same email addresses for a long
time.

Mac's mail app has good spam filtering (according to my wife; I'm a
unix guy).  You might turn it on if you haven't, or teach it to recognize
these spam-containing bounce messages.


Eric
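
Added example, not part of the original message: one way to tell a bounce for mail you really sent from a bounce provoked by a forged "From:" is to look inside the bounce for the returned message's Message-ID and compare it with IDs your own mail system issued. The sketch assumes RFC 3464-style `multipart/report` bounces and a `SENT_IDS` set taken from outbound mail logs; all hosts, addresses and IDs below are constructed.

```python
import email
from email import policy

def original_headers(bounce):
    """Headers of the message a bounce says it is returning, or None."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)  # full original attached
        if ctype == "text/rfc822-headers":
            # Truncated bounce: only the original's headers came back.
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify_bounce(raw, sent_ids):
    """Return 'not-a-bounce', 'genuine' or 'backscatter'."""
    msg = email.message_from_string(raw, policy=policy.default)
    if (msg.get_content_type() != "multipart/report"
            or str(msg.get_param("report-type", "")).lower() != "delivery-status"):
        return "not-a-bounce"
    orig = original_headers(msg)
    mid = str(orig["Message-ID"]).strip() if orig is not None and orig["Message-ID"] else None
    # Our address in From: proves nothing; only a Message-ID we issued does.
    return "genuine" if mid in sent_ids else "backscatter"

def sample_bounce(returned_part):
    """Constructed sample DSN wrapping the given 'returned message' MIME part."""
    return (
        "From: MAILER-DAEMON@mx.example.net\n"
        "To: user@example.org\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\nDelivery failed.\n"
        "--b1\nContent-Type: message/delivery-status\n\n"
        "Reporting-MTA: dns; mx.example.net\n\n"
        "Final-Recipient: rfc822; nobody@example.net\nAction: failed\nStatus: 5.1.1\n"
        "--b1\n" + returned_part + "\n--b1--\n")

SENT_IDS = {"<20070203.0001@example.org>"}  # constructed; real ones come from outbound logs
FORGED = sample_bounce("Content-Type: text/rfc822-headers\n\nFrom: user@example.org\n"
                       "Message-ID: <spam-777@bulk.example.com>\nSubject: cheap pills\n")
GENUINE = sample_bounce("Content-Type: message/rfc822\n\nFrom: user@example.org\n"
                        "Message-ID: <20070203.0001@example.org>\nSubject: parts order\n\nHello\n")

if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("genuine", GENUINE)):
        print(name, "->", classify_bounce(raw, SENT_IDS))
```

Bounces that do not follow the `multipart/report` layout come back as "not-a-bounce" here and would need separate handling.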



