what is going on?
 

I have a small list of email addresses and of late I am getting spam with most of them being used. The latest is my mod title - how would they get that!?. How do they get any of them? I am with talktalk and I am wondering if they have a leak. I am getting fed up 'unsubscribing' from the stuff I am getting.

Either (a) a leak, or, more likely and more common (b) a dictionary attack

(b) being simple in concept, the culprits have a list, generally of real words (hence "dictionary") supplemented by common human names and other common made up words.

Take one dictionary list, one bot script and hey presto, a spam campaign. :E

This is the reason I use Mailwasher (if you're downloading your emails to your computer as I do).
Mailwasher allows previews of spam and unwanted emails, allows you to mark senders as spammers - and best of all, allows you to bounce spam and scam emails, so it appears your email address is invalid.
The number of spam and scam emails I now receive would total about 2 a week at most on average - out of around 70-80 emails a day.
I quite often go for 3 weeks without receiving a single one.
Be aware that databases of email addresses are regularly sold, both legally and illegally, to anyone who wants to buy them.

Client-side filtering is a waste of time.... it is (a) still eating up your computing resources (b) requires much manual intervention and is not as accurate as server side. The only thing worse than client-side filtering is greylisting which is an utter waste of time.

You really should find a provider who can do decent server-side filtering for you on the emails as they arrive on the server.

100% of my emails are filtered server-side and maybe one or two spam emails a week makes it through the filters compared to the thousands I know are eradicated before they even hit the server.

NEVER, EVER DO THIS.

Sorry for the emphasis, but this is known as "backscatter" and it is BAD ! Spammers frequently hide behind other people's email addresses and servers.... by actively bouncing rather than just silently discarding, all you do is p!ss off server administrators who have nothing to do with the offending party.

If you don't want it, you should silently discard it. You should not send bounce messages unless you are confident they will be usefully delivered.

If you want it from the horse's mouth, here's what the standards say (RFC5321)

Never, ever unsubscribe from the spam you get. Most of the time the "unsubscribe" button usually found on the bottom of the spam mail you've got is just there to confirm that your email is valid. Within a few days you should therefore see plenty more of those mails.

The only time I would use this feature is when I unsubscribe from a service that I know (and rembember) to have requested in the past.

Proxus

That depends on how you do it. Accepting mail and then processing it and generating a fake bounce does indeed cause backscatter and is to be avoided.

Generating a correct 5xx bounce as part of the incoming mail transaction is a perfectly reasonable way of dealing with the junk mail. Your average spam zombie, on receiving the reject, will drop the message on the floor and not attempt to send it elsewhere because it's a waste of its resources given that it knows that the From: field is likely to be invalid. I've always used this approach, but it does require you to have your own on-line mail server to do it, once it's hit a POP3 or IMAP server somewhere then it's delivered.

Indeed, its actually code 521 you're looking for and I use that on mailservers once some basic validation checks happen and before processing mail any further to ensure no unwanted email ever hits storage. But Mailwasher and such like running on client machines aint' the incoming transaction by any stretch of the imagination. :E

I always check the real sender behind the visible address and then send the site webmaster a message that his site is being used to generate spam.

Save yourself some time and effort, just copy/paste the raw source text of the email into Spamcop. :ok:

mixture, what do you mean by that. A senior moment I think but I couldn't figure it.

PPP

mixture - thanks :ok: understand but alas cannot see raw source text from Jelly Bean

Mailwasher is only client-side filtering in a way - it downloads the headers rather than the whole mail, allows you to select/preselect what you don't want and then deletes them all from the server long before they hit your machine.

Since a trip to Buenos Aires a couple of years ago I get lots of medical advertising spam from South America, mostly from a couple of adsites, that would take ages to download and clog my machine. Messages to [email protected] and [email protected] have been ignored. Before I connect, Mailwasher checks my badlist and starts by deleting all the known unwanted crap from the server and I can just tick off a few more before fetching my mail.

These are quasi-legit sites and there is no way for me (or most people) to set up my own personal email filter at my ISP (who in fact does a pretty good job themselves of deleting obvious spam and malware). AFAIK none of the big ISPs in S. Africa have this facility.

So Mailwasher it is - why are you so agin it mix?

And no, I don't bounce stuff - it has little effect and just clogs up the Web even more.

Mac

:suspect:

Spamcop as in spamcop.net

Its a website where you can copy/paste the raw source of an offending email and it does all the analysis for you and automatically proposes the correct email addresses to report to (and will even send reports too).

Very handy.... and you get a reasonably generous amount of usage for free.

If, on the other hand, you meant "what is the raw source ?" ... by that I meant the text version of the email that contains the Header and other lines that are normally hidden from you in the normal email interface.

Yes, but proper server-side filtering doesn't even store or parse the majority of spam emails. Over 80% of spam can be defeated at the initial SMTP transaction stage (SMTP HELO)... the remaining 19.99998% can then be defeated through analysis on the server.

Client-side filtering of any sort is a waste of time and computing resources.... its already too late.

Keep on prodding your email provider to improve their anti-spam.

Well mix, there's spam and there's spam

Yes, there's the Viagra and penis-enlargement stuff - real spam which my ISP immediately ditches (but of course a few real spams make it through their filters).

Then there's the semi-spam - newsletters from hardware or software people that I have dealt with, new products from surgical companies that I have bought stuff off in the past - all crap that I'm not interested in anymore. This actually makes up the bulk of my inbox crap, but there is no way that my ISP can guess that I don't actually want to read it.

If my ISP were to ditch everything that even smelled faintly of spam then I'm pretty sure that a fair bit of mail that I do want to read would go in the bin too and emailing me would be highly unreliable.

Complete server-side filtering cannot work unless the ISP has individual whitelists and blacklists for every client and I don't know of one that does.

In the real world a utility (like Mailwasher) which downloads the message headers and allows one to delete them off the server before invoking the full email client is the only possible solution.

I hesitate to say it, but I sounds as though you do not see that it is near impossible to differentiate unwanted/uninteresting mail from wanted mail for an individual adressee.

Mac

:ouch:

Well, I can't speak for Windoze but on my Mac I use a mail client that does exactly that. The Mac Mail app has itself a junk filter but my online mail system is MacAce which has a system that you train. There is a range of choices including tagging as junk mail and blocking. It doesn't throw anything away but it puts all the Viagra type stuff in a folder on its server and every few days sends me an email with all the items listed. I simply scan them and put the lot into trash. Occasionally something that I want does sneak in there and so I send it to my inbox.

Mac, are you saying that Mailwasher, which I installed overnight, will do a clean up job before it gets to my inbox?

I have two mails so far and IT ignored them.

Based on personal experience, I can absolutely irrefutably say that lot you've just spouted is a load of codswallop.

On the system I and numerous others in the world are using, if correctly configured, you get zero false positives and very few misses.

I've been running my present system for over 3 years now, and have indeed had zero false positives, and at most I get two or three spams a week make it through. I run email services for others on the same platform too... so we're talking a substantial number of messages being parsed.

You do not need individual blacklists or whitelists.... indeed blacklist/whitelist/graylist type systems only make things worse, not better because they require manual maintenance.

Commercial systems such as Symantec Brightmail and Postini also don't require messing around with blacklist/whitelists and have zero false positives and minimal misses.

"Mac, are you saying that Mailwasher, which I installed overnight, will do a clean up job before it gets to my inbox? I have two mails so far and IT ignored them."

Yes, it will, but it isn't psychic!

Mailwasher will download all the headers, and mark for deletion all the items that it thinks are spam, based on Spamhaus/SpamCop lists and Bayesian filters. You then mark spam as such and it will remember this for the future. There is also a learning algorithm, so it gets smarter as you go along. You can also mark stuff for one-time deletion but not as spam. There are many ways of fine-tuning it, such as excluding whole domains - have a read!

Once Mailwasher has finished deleting all the crap from your mailbox it will then open Outlook (or whatever) and you can properly download the washed mail into your inbox.

mixture

"Based on personal experience, I can absolutely irrefutably say that lot you've just spouted is a load of codswallop."

Well, I can absolutely irrefutably say that you have either not read or not comprehended what I have written (and that you have a nasty temper and don't listen).

"On the system I and numerous others in the world are using, if correctly configured, you get zero false positives and very few misses.

I've been running my present system for over 3 years now, and have indeed had zero false positives, and at most I get two or three spams a week make it through. I run email services for others on the same platform too... so we're talking a substantial number of messages being parsed."

I can quite believe it, for by using Brightmail or Postini (or Dovecot or SurgeMail or whatever) you are acting as the ISP/mailserver and can set-up your spam filters as you wish!

Put your bile aside and consider for a moment the following situation - one of my less stable patients regularly forwards to me vast amounts of fundamentalist Christian literature which I have no interest in. This is not spam as such and there is no way for my ISP (MWeb) to know that I do not wish to receive these communications. I do not control my POP/IMAP server and neither do most of us.

When I wish to check my inbox I start by invoking Mailwasher, which downloads the headers and knowing that I do not wish to receive mail from [email protected], deletes the entire message from the MWeb POP server. When I have removed all the crap, Mailwasher will then invoke my email client and I can download the rest.

Most people will have realised by now that we are talking about two different things, one is the situation of the ordinary user who accesses their mail through a POP/IMAP provider - the other, as in mixture's case, is administration of a POP/IMAP server where you can of course configure your filters as you like.

This is not rocket science guys - either mixture is being extremely dense or....

Mac

:rolleyes:

Are those offers from Nigeria consider spam? I regularly put them in the junk file, but is there another way of handling them like sending them to Cap ?