Spambots scanning SLE? Fwd: [Re: AutoReply: Vielen Dank für Ihre Nachricht]
This is sort of OT, but I thought everyone here should be aware. I've never used this address I'm using now (samjnaa at fastmail dot fm) for sending or receiving mail, and only recently signed up to SLE using this addr since I had problems with my GMail. But today I got the spam included at the end of this mail. I have never visited this freenet.de website, so it is impossible that I have *asked* them to send me this mail. I have used this address only for my SLE, SKDE and SuSE-OT lists and no other mail comms, so it is probable that some spambot is scanning these lists. If others also have received this kind of spam, then my suspicion will be confirmed. I request the authorities to take any steps possible regarding this. Thanks for a great service! Shriramana Sharma. Sunday 04 Sep 2005 08:27 samaye service@freenet.de alekhiit:
Sehr geehrter freenet.de Interessent,
vielen Dank für Ihre Anfrage und Ihr Interesse an unseren Diensten und Produkten!
Um Ihnen eine schnelle und kompetente Antwort zu ermöglichen, können wir Anfragen nur über das Kontaktformular entgegen nehmen. Nutzen Sie bitte unseren für Kunden kostenfreien E-Mail Service unter dem folgenden Link:
http://online-hilfe.freenet.de
Haben Sie Fragen zu unseren Tarifen, so besuchen Sie uns unter: http://tarif.freenet.de
Möchten Sie in Einrichtungshilfestellungen stöbern, so öffnen Sie bitte: http://hilfe.freenet.de
Bitte beachten Sie, dass Sie über einen kostenfreien freenet.de Mitgliedsnamen verfügen müssen, um unseren kostenlosen E-Mail Service in Anspruch nehmen zu können. Noch nicht kostenfrei registriert bei freenet.de? Einfach schnell und kostenfrei anmelden unter http://my.freenet.de
Viel Spaß bei freenet.de Ihr freenet.de Serviceteam
Kontakt unter: http://service.freenet.de
Shriramana, On Saturday 03 September 2005 20:06, Shriramana Sharma wrote:
...
I request the authorities to take any steps possible regarding this.
Such as? For all we know, you're collecting addresses and doing unspeakable things with them, too. Email is email. You post on a publically accessible list and you lose control of the address you use to post. Even if the archives have the email address expunged or altered, someone looking to collect addresses need only subscribe and start collecting. The only thing to do about spam is dispense with it promptly and with a minimum of effort. My ISP does an excellent job of labelling it via SpamAssassin. That, and treat it like all advertising: Don't patronize people or businesses whose business practices offend your principles or sensibilities. Spam only survives because people respond to it. True, it takes only a tiny response rate (by comparison to other media) to make email advertising worthwhile, but if everyone (and I do mean everyone) had the good sense to make it a point to punish rather than reward senders of UCE, it would eventually cease.
Thanks for a great service!
Oh, we aim to please...
Shriramana Sharma.
Randall Schulz -- "Hell is other people." -- Jean-Paul Sartre
Sunday 04 Sep 2005 08:49 samaye Randall R Schulz alekhiit:
Such as? For all we know, you're collecting addresses and doing unspeakable things with them, too.
Of course I'm not doing any such thing!
The only thing to do about spam is dispense with it promptly and with a minimum of effort. My ISP does an excellent job of labelling it via SpamAssassin.
OK I setup SpamAssassin with KMail just now, but does it work with IMAP accounts?
reward senders of UCE, it would eventually cease.
UCE? -- (o- Penguin #395953 lives at http://samvit.org //\ subsisting on ancient Indian wisdom ... V_/_ and modern computing efficiency! :)
Shriramana, On Saturday 03 September 2005 21:14, Shriramana Sharma wrote:
Sunday 04 Sep 2005 08:49 samaye Randall R Schulz alekhiit:
Such as? For all we know, you're collecting addresses and doing unspeakable things with them, too.
Of course I'm not doing any such thing!
Can you prove it? Casting aspersions could be an attempt to create a distraction or plausible deniability. The fact is, there's no way to know which of the thousands of subscribers to this list might have nefarious intent. Nor could you trace the diversion of email addresses to the perpetrator. If you cannot tolerate the acquisition of an email address by spammers, you have to do two things: 1) Make it an unguessable string of characters ('cause some spammers just generate email names and send messages to them without any idea of whether they're actually valid accounts) and 2) Guard it extremely jealosly. The only way to assure the latter is not to use it. The more people who receive messages from that address or otherwise see it, the greater the risk that it will leak out. You certainly cannot ever use it on a public mailing list, on Usenet or a bulletin board. C'est la vie.
The only thing to do about spam is dispense with it promptly and with a minimum of effort. My ISP does an excellent job of labelling it via SpamAssassin.
OK I setup SpamAssassin with KMail just now, but does it work with IMAP accounts?
How would I know. As I said, my ISP uses it to lable email before I get it. They have the option of shunting it aside or deleting it immediately, but I don't like that. There's the rare false positive. Very rare, of late, but still.
reward senders of UCE, it would eventually cease.
UCE?
Unsolicited Commercial Email. Randall Schulz
Sunday 04 Sep 2005 10:24 samaye Randall R Schulz alekhiit:
Of course I'm not doing any such thing!
Can you prove it? Casting aspersions could be an attempt to create a distraction or plausible deniability.
Randall I am hurt! (only half jocularly)
If you cannot tolerate the acquisition of an email address by spammers, you have to do two things: 1) Make it an unguessable string of characters ('cause some spammers just generate email names and send messages to them without any idea of whether they're actually valid accounts)
I tried using nospam.gmail.com back when I was operating from Windows via SeaMonkey, but the list wouldn't accept mails from that address. Someone here said that the list doesn't care about the from address so long as some other header validates - I didn't catch it and am unable to access marc online to search. (It timeouts.) -- (o- Penguin #395953 lives at http://samvit.org //\ subsisting on ancient Indian wisdom ... V_/_ and modern computing efficiency! :)
Hi Shriramana, On Sun, 4 Sep 2005 10:54:32 +0530 UTC (12:24 AM -0500 UTC my time), you wrote in part: S> Someone here said that the list doesn't care about the from address so S> long as some other header validates - I didn't catch it and am unable to S> access marc online to search. (It timeouts.) SUSE lists use ezmlm. You are subscribed by the envelope sender from address, and not the From: address. These can be different, depending on your email client.. e.g. Mutt will allow this. Note the above, my From: address is not a domain. Typically, the envelope sender is the Return-Path: -- Mark
Sunday 04 Sep 2005 19:44 samaye Mark alekhiit:
your email client.. e.g. Mutt will allow this. Note the above, my From:
Can I use Mutt with my KMail mailboxes? Sounds nice. -- (o- Penguin #395953 lives at http://samvit.org //\ subsisting on ancient Indian wisdom ... V_/_ and modern computing efficiency! :)
Hi Shriramana, On Sun, 4 Sep 2005 19:50:37 +0530 UTC (9:20 AM -0500 UTC my time), you wrote in part: S> Can I use Mutt with my KMail mailboxes? Sounds nice. Yes, Mutt reads any mail format... mbox, maildir, IMAP, etc. -- Mark
Sunday 04 Sep 2005 20:03 samaye Mark alekhiit:
S> Can I use Mutt with my KMail mailboxes? Sounds nice.
Yes, Mutt reads any mail format... mbox, maildir, IMAP, etc.
Thanksh.... :) -- (o- Penguin #395953 lives at http://samvit.org //\ subsisting on ancient Indian wisdom ... V_/_ and modern computing efficiency! :)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2005-09-04 at 10:54 +0530, Shriramana Sharma wrote:
I tried using nospam.gmail.com back when I was operating from Windows via SeaMonkey, but the list wouldn't accept mails from that address. Someone here said that the list doesn't care about the from address so long as some other header validates
The "envelope from" - same as in paper letters, the list software only looks at the address in the letter envelope for validation; the inside "From", that is shown to us, is ignored by the list server, and can be false. If you look carefully at some "from" headers in this list, you will see some that are false (ie, not existent), and some that change every day or week, they rotate. You can not use the trick with kmail, you need mutt. You can limit the spam you get using SpamAssassin on your computer - it doesn't matter if your provider uses pop, imap, or a tin container :-p Also, amavis is a good thing to have installed. Search the list for previous references to both programs, there are a lot. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFDGwFgtTMYHG2NR9URAvUJAJ9OjsaEGIOds7rSWsU5H102b/ouMACbBdVx NaSKnCRzys35blYpv47YghI= =8IN3 -----END PGP SIGNATURE-----
Shriramana Sharma wrote:
OK I setup SpamAssassin with KMail just now, but does it work with IMAP accounts?
While it is possible to set up spam filtering with an imap server, I just let Mozilla do it's thing. I run my imap server on the same computer as Mozilla and Mozilla is normally running all the time and filters the mail, every time it fetches new mail.
On Saturday 03 September 2005 22:19, Randall R Schulz wrote:
Shriramana,
Randall Schulz -- "Hell is other people." -- Jean-Paul Sartre
Ha! Now I understand why, when surveyed, the French report 30% believe in God, but 60% believe in Hell!!! PeterB
Peter, On Saturday 03 September 2005 21:15, Peter B Van Campen wrote:
On Saturday 03 September 2005 22:19, Randall R Schulz wrote:
-- "Hell is other people." -- Jean-Paul Sartre
Ha! Now I understand why, when surveyed, the French report 30% believe in God, but 60% believe in Hell!!!
And depending on how much overlap there is between those two groups, anywhere from 60% to 90% of them are weak-minded fools.
PeterB
RRS
Randall R Schulz wrote:
Such as? For all we know, you're collecting addresses and doing unspeakable things with them, too. Email is email. You post on a publically accessible list and you lose control of the address you use to post. Even if the archives have the email address expunged or altered, someone looking to collect addresses need only subscribe and start collecting.
Correct. The only way to reliably keep spam away from list addresses is to allow only the list server to send mails to that address. Of course, this kind of restriction is only available if you manage your own mail server.
The only thing to do about spam is dispense with it promptly and with a minimum of effort. My ISP does an excellent job of labelling it via SpamAssassin.
I had a lot of trouble with spam sorting done by the ISP, until I deactivated all anti-spam measures because I kept losing valid mails.
That, and treat it like all advertising: Don't patronize people or businesses whose business practices offend your principles or sensibilities. Spam only survives because people respond to it. True, it takes only a tiny response rate (by comparison to other media) to make email advertising worthwhile, but if everyone (and I do mean everyone) had the good sense to make it a point to punish rather than reward senders of UCE, it would eventually cease.
Never underestimate the potency of human stupidity. Entire industry branches are depending on it for their business model... Sandy
* Sandy Drobic <suse-linux-e@japantest.homelinux.com> [09-04-05 03:30]:
Never underestimate the potency of human stupidity. Entire industry branches are depending on it for their business model...
Does that spell MickeySloft ??? -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery
participants (10)
-
Carlos E. R. -
James Knott -
Mark -
Mark -
Patrick Shanahan -
Peter B Van Campen -
Randall R Schulz -
Sandy Drobic -
Shriramana Sharma -
Shriramana Sharma