Spammers have software that sift email addresses from Newsgroups - Mozilla

This is a discussion on Spammers have software that sift email addresses from Newsgroups - Mozilla ; Dear Ma'ams and Sirs, I'm not aware of Mozilla newsgroup messages being immune from being sifted by spambots for active email addresses, which are subsequently added to spammers' "marketing" lists. One singly important way of staying off these lists and ...

+ Reply to Thread
Results 1 to 13 of 13

Thread: Spammers have software that sift email addresses from Newsgroups

  1. Spammers have software that sift email addresses from Newsgroups

    Dear Ma'ams and Sirs,

    I'm not aware of Mozilla newsgroup messages being immune from being sifted
    by spambots for active email addresses, which are subsequently added to
    spammers' "marketing" lists. One singly important way of staying off these
    lists and minimizing your spam exposure is to provide fake personal
    information when you post to newsgroups -- Mozilla and otherwise (especially
    Yahoogroups).

    But looking around here, it looks like a lot of people are providing their
    real email addresses and even their full names (First and Last) when they
    post, probably inadvertently.

    Certainly, there is no law or reason that requires us to provide real
    information to a newsgroup, since people will be replying back to you
    through the newsgroup. Nothing in the world of newsgroups requires your
    personal-identification information to be accurate when you post to the
    Mozilla (or other) newsgroup.

    If you want, it's never too late to "change" the name and email address that
    will appear on your future newsgroup posts to names and email addresses that
    are totally contrived.

    In your email software, you have separate Account Settings for the Email
    servers and Newsgroup servers that you use (such as "mail.bellatlantic.net."
    or "news.mozilla.org."). Importantly, you can adjust the personal
    information that is sent when you post to newsgroups -without- changing the
    personal information that will be sent with your personal emails. Recommend
    making the personal details for your newsgroup-usage "fake."

    A good demonstration; if you're using Outlook Express to read this message,
    you'll see my name, "From: Neil" at the top of this message. They don't
    make it obvious, but if you double-click on my name, it opens a Properties
    window that contains the information that I entered in my Account
    information [for this newsgroup], including my fake email address.

    The spambots are equally able to harvest email addresses this way (plus or
    minus), and any other email addresses that are included in message bodies.

    So go into your Account Settings for your assorted newsgroup servers, munge
    up the "personal" information contained therein, and stop the leakage.

    If you want to see how your changes have affected your newsgroup posts, then
    shoot an arrow at mozilla.test, and check the Properties of your own
    test-post.

    -------

    The other method of delivering spam to you is for spambots to systematically
    go through every letter and number to randomly "create" every possible
    existing email address, and see if anyone replies to their "Unsubscribe"
    links. Therefore, never reply to Unsubscribe links in spam -- nothing good
    ever comes of it -- you would just be confirming that your email address is
    active and ready for annoyance.

    If your email address has become too polluted with spam for your comfort,
    then it's time to create a new email address, transfer all your valid
    accounts and contact to the new email address, abandon your old address, and
    apply your new electronic-identity-security lessons to your new account. I
    can assure you that even a Yahoo email address can stay "clean" for a long
    time if you follow these two bits of advice and if you are careful to whom
    you provide your email address. Also, I can assure you that an email address
    that has been spammerized will stay spammerized forever.

    If your clean email address gets a spam, it's not necessarily your fault.
    It could simply have been randomly generated by a spambot. Don't fret --
    just delete it without responding to it. It's not necessarily the beginning
    of the end.

    If I need to provide an email address, but I'm not sure about the
    credibility of the organization, I will use my spammerized [yahoo, gmail,
    etc] email address. If I'm pretty sure about the credibility of the
    organization, I use my relatively clean [yahoo, gmail, etc] email address.

    For my friends and family, they get my super-clean email address with my ISP
    domain. Even there, if that one becomes spammerized, my ISP will allow me
    to create another dozen email addresses on the same account, if I make a
    mistake and spam blossoms on my present email address. At the present rate
    of spam infection, with a little care, my ISP provides me enough email
    addresses on my account to keep me comfortable for a hundred years. Of
    course, ISPs go broke and fade away, so that might be an argument for
    switching even my friends and family to a yahoo or gmail address, which tend
    to last longer than Adelphia, for instance.

    Standard advice; apparently not repeated often enough. Mozilla users
    deserve better.

    Nighty night / best luck.

    -Neil-



  2. Re: Spammers have software that sift email addresses from Newsgroups

    Neil wrote:
    > Dear Ma'ams and Sirs,
    >
    > I'm not aware of Mozilla newsgroup messages being immune from being sifted
    > by spambots for active email addresses, which are subsequently added to
    > spammers' "marketing" lists. One singly important way of staying off these
    > lists and minimizing your spam exposure is to provide fake personal
    > information when you post to newsgroups -- Mozilla and otherwise (especially
    > Yahoogroups).
    >
    > But looking around here, it looks like a lot of people are providing their
    > real email addresses and even their full names (First and Last) when they
    > post, probably inadvertently.
    >
    > Certainly, there is no law or reason that requires us to provide real
    > information to a newsgroup, since people will be replying back to you
    > through the newsgroup. Nothing in the world of newsgroups requires your
    > personal-identification information to be accurate when you post to the
    > Mozilla (or other) newsgroup.
    >
    > If you want, it's never too late to "change" the name and email address that
    > will appear on your future newsgroup posts to names and email addresses that
    > are totally contrived.
    >
    > In your email software, you have separate Account Settings for the Email
    > servers and Newsgroup servers that you use (such as "mail.bellatlantic.net."
    > or "news.mozilla.org."). Importantly, you can adjust the personal
    > information that is sent when you post to newsgroups -without- changing the
    > personal information that will be sent with your personal emails. Recommend
    > making the personal details for your newsgroup-usage "fake."
    >
    > A good demonstration; if you're using Outlook Express to read this message,
    > you'll see my name, "From: Neil" at the top of this message. They don't
    > make it obvious, but if you double-click on my name, it opens a Properties
    > window that contains the information that I entered in my Account
    > information [for this newsgroup], including my fake email address.
    >
    > The spambots are equally able to harvest email addresses this way (plus or
    > minus), and any other email addresses that are included in message bodies.
    >
    > So go into your Account Settings for your assorted newsgroup servers, munge
    > up the "personal" information contained therein, and stop the leakage.
    >
    > If you want to see how your changes have affected your newsgroup posts, then
    > shoot an arrow at mozilla.test, and check the Properties of your own
    > test-post.
    >
    > -------
    >
    > The other method of delivering spam to you is for spambots to systematically
    > go through every letter and number to randomly "create" every possible
    > existing email address, and see if anyone replies to their "Unsubscribe"
    > links. Therefore, never reply to Unsubscribe links in spam -- nothing good
    > ever comes of it -- you would just be confirming that your email address is
    > active and ready for annoyance.
    >
    > If your email address has become too polluted with spam for your comfort,
    > then it's time to create a new email address, transfer all your valid
    > accounts and contact to the new email address, abandon your old address, and
    > apply your new electronic-identity-security lessons to your new account. I
    > can assure you that even a Yahoo email address can stay "clean" for a long
    > time if you follow these two bits of advice and if you are careful to whom
    > you provide your email address. Also, I can assure you that an email address
    > that has been spammerized will stay spammerized forever.
    >
    > If your clean email address gets a spam, it's not necessarily your fault.
    > It could simply have been randomly generated by a spambot. Don't fret --
    > just delete it without responding to it. It's not necessarily the beginning
    > of the end.
    >
    > If I need to provide an email address, but I'm not sure about the
    > credibility of the organization, I will use my spammerized [yahoo, gmail,
    > etc] email address. If I'm pretty sure about the credibility of the
    > organization, I use my relatively clean [yahoo, gmail, etc] email address.
    >
    > For my friends and family, they get my super-clean email address with my ISP
    > domain. Even there, if that one becomes spammerized, my ISP will allow me
    > to create another dozen email addresses on the same account, if I make a
    > mistake and spam blossoms on my present email address. At the present rate
    > of spam infection, with a little care, my ISP provides me enough email
    > addresses on my account to keep me comfortable for a hundred years. Of
    > course, ISPs go broke and fade away, so that might be an argument for
    > switching even my friends and family to a yahoo or gmail address, which tend
    > to last longer than Adelphia, for instance.
    >
    > Standard advice; apparently not repeated often enough. Mozilla users
    > deserve better.
    >
    > Nighty night / best luck.
    >
    > -Neil-
    >
    >


    I don't have problems with spam from newsgroups mainly because I use
    real but disposable addresses, unique to each newsgroup server I post on.
    that makes the spam control by filters etc. very easy and also means if
    an address does start to attract spam I know what group is responsible,
    and I can simply change the address or stop visiting the group if I want.

    --
    Rev Robert M Jones, Wimborne Baptist Church, UK
    http://www.wimborne-baptist.org.uk
    Free trial of Mailwasher Pro - effective email spam filter - (commission
    goes to our partners in Bulgaria)
    http://fta.firetrust.com/index.cgi?id=420

  3. Re: Spammers have software that sift email addresses from Newsgroups

    Neil wrote:
    > Dear Ma'ams and Sirs,
    >
    > I'm not aware of Mozilla newsgroup messages being immune from being sifted
    > by spambots for active email addresses, which are subsequently added to
    > spammers' "marketing" lists. One singly important way of staying off these
    > lists and minimizing your spam exposure is to provide fake personal
    > information when you post to newsgroups -- Mozilla and otherwise (especially
    > Yahoogroups).
    >
    > But looking around here, it looks like a lot of people are providing their
    > real email addresses and even their full names (First and Last) when they
    > post, probably inadvertently.
    >
    > Certainly, there is no law or reason that requires us to provide real
    > information to a newsgroup, since people will be replying back to you
    > through the newsgroup. Nothing in the world of newsgroups requires your
    > personal-identification information to be accurate when you post to the
    > Mozilla (or other) newsgroup.
    >
    > If you want, it's never too late to "change" the name and email address that
    > will appear on your future newsgroup posts to names and email addresses that
    > are totally contrived.
    >
    > In your email software, you have separate Account Settings for the Email
    > servers and Newsgroup servers that you use (such as "mail.bellatlantic.net."
    > or "news.mozilla.org."). Importantly, you can adjust the personal
    > information that is sent when you post to newsgroups -without- changing the
    > personal information that will be sent with your personal emails. Recommend
    > making the personal details for your newsgroup-usage "fake."
    >
    > A good demonstration; if you're using Outlook Express to read this message,
    > you'll see my name, "From: Neil" at the top of this message. They don't
    > make it obvious, but if you double-click on my name, it opens a Properties
    > window that contains the information that I entered in my Account
    > information [for this newsgroup], including my fake email address.
    >
    > The spambots are equally able to harvest email addresses this way (plus or
    > minus), and any other email addresses that are included in message bodies.
    >
    > So go into your Account Settings for your assorted newsgroup servers, munge
    > up the "personal" information contained therein, and stop the leakage.
    >
    > If you want to see how your changes have affected your newsgroup posts, then
    > shoot an arrow at mozilla.test, and check the Properties of your own
    > test-post.
    >
    > -------
    >
    > The other method of delivering spam to you is for spambots to systematically
    > go through every letter and number to randomly "create" every possible
    > existing email address, and see if anyone replies to their "Unsubscribe"
    > links. Therefore, never reply to Unsubscribe links in spam -- nothing good
    > ever comes of it -- you would just be confirming that your email address is
    > active and ready for annoyance.
    >
    > If your email address has become too polluted with spam for your comfort,
    > then it's time to create a new email address, transfer all your valid
    > accounts and contact to the new email address, abandon your old address, and
    > apply your new electronic-identity-security lessons to your new account. I
    > can assure you that even a Yahoo email address can stay "clean" for a long
    > time if you follow these two bits of advice and if you are careful to whom
    > you provide your email address. Also, I can assure you that an email address
    > that has been spammerized will stay spammerized forever.
    >
    > If your clean email address gets a spam, it's not necessarily your fault.
    > It could simply have been randomly generated by a spambot. Don't fret --
    > just delete it without responding to it. It's not necessarily the beginning
    > of the end.
    >
    > If I need to provide an email address, but I'm not sure about the
    > credibility of the organization, I will use my spammerized [yahoo, gmail,
    > etc] email address. If I'm pretty sure about the credibility of the
    > organization, I use my relatively clean [yahoo, gmail, etc] email address.
    >
    > For my friends and family, they get my super-clean email address with my ISP
    > domain. Even there, if that one becomes spammerized, my ISP will allow me
    > to create another dozen email addresses on the same account, if I make a
    > mistake and spam blossoms on my present email address. At the present rate
    > of spam infection, with a little care, my ISP provides me enough email
    > addresses on my account to keep me comfortable for a hundred years. Of
    > course, ISPs go broke and fade away, so that might be an argument for
    > switching even my friends and family to a yahoo or gmail address, which tend
    > to last longer than Adelphia, for instance.
    >
    > Standard advice; apparently not repeated often enough. Mozilla users
    > deserve better.
    >
    > Nighty night / best luck.
    >
    > -Neil-
    >
    >

    I read, often, about harvesting names from newsgroups, but I regularly
    post on several of them, always with my real name, and primary email
    address, as below, and I don't have a lot of trouble with spam. I have
    a number of filters that take care of what spam I do receive without it
    becoming a problem. So, I doubt this is a valid excuse for phony names,
    and spoofed headers. I suspect the MAIN reason people do this is to
    hide their identity from other people so they can say whatever they want
    without taking personal responsibility for it.


    --
    Ron Hunter rphunter@charter.net

  4. Re: Spammers have software that sift email addresses from Newsgroups

    On 24.03.2008 07:58, Ron Hunter wrote:

    --- Original Message ---

    > I read, often, about harvesting names from newsgroups, but I regularly
    > post on several of them, always with my real name, and primary email
    > address, as below, and I don't have a lot of trouble with spam. I have
    > a number of filters that take care of what spam I do receive without it
    > becoming a problem. So, I doubt this is a valid excuse for phony names,
    > and spoofed headers. I suspect the MAIN reason people do this is to
    > hide their identity from other people so they can say whatever they want
    > without taking personal responsibility for it.
    >
    >


    I host a little over 100 email clients on one of my mail servers. The
    daily average of rejected spam is 8,000+ going to REAL addresses. The
    rejections are 99% from the RBL's (realtime black lists). How many of my
    clients post on usenet with real addresses is probably in the n'brhood
    of 95% .. so, IMHO there really is something to be said.

    --
    Jay Garcia Netscape Champion
    UFAQ - http://www.UFAQ.org

  5. Re: Spammers have software that sift email addresses from Newsgroups

    Jay Garcia wrote:
    > On 24.03.2008 07:58, Ron Hunter wrote:
    >
    > --- Original Message ---
    >
    >> I read, often, about harvesting names from newsgroups, but I regularly
    >> post on several of them, always with my real name, and primary email
    >> address, as below, and I don't have a lot of trouble with spam. I have
    >> a number of filters that take care of what spam I do receive without it
    >> becoming a problem. So, I doubt this is a valid excuse for phony names,
    >> and spoofed headers. I suspect the MAIN reason people do this is to
    >> hide their identity from other people so they can say whatever they want
    >> without taking personal responsibility for it.
    >>
    >>

    >
    > I host a little over 100 email clients on one of my mail servers. The
    > daily average of rejected spam is 8,000+ going to REAL addresses. The
    > rejections are 99% from the RBL's (realtime black lists). How many of my
    > clients post on usenet with real addresses is probably in the n'brhood
    > of 95% .. so, IMHO there really is something to be said.
    >


    One wonders what websites your user frequent to receive so much spam.


    --
    Ron Hunter rphunter@charter.net

  6. Re: Spammers have software that sift email addresses from Newsgroups

    On Mon, Mar 24, 2008 at 03:15:27AM -0400, Neil wrote:
    > I'm not aware of Mozilla newsgroup messages being immune from being sifted
    > by spambots for active email addresses, which are subsequently added to
    > spammers' "marketing" lists. One singly important way of staying off these
    > lists and minimizing your spam exposure is to provide fake personal
    > information when you post to newsgroups -- Mozilla and otherwise (especially
    > Yahoogroups).


    This is a futile tactic that will do nothing to stop competent spammers.
    The only people it will have any meaningful effect on are those who
    are trying to communicate with posters to mailing lists/newsgroups,
    and possibly some of the newer, more amateurish spammers -- who will
    learn, soon enough. The same can be said for the attempts at obfuscation
    that are often claimed to have similar non-existent benefits.

    Here's why:

    First, spammers wrote the trivial bits of perl/awk/python/whatever
    to unmunge obfuscated forms many years ago. So things like
    rskNOSPAM@gsp.org or rsk (at) gsp.org are pointless.

    Second, spammers have also long since done the requisite RFC 2142 and
    statistical analysis to know that hostmaster@ is reasonably likely
    to exist, as is webmaster@, john@, mary@, john.smith@, john.jones@,
    aaa@, aab@, aac@, etc. So if your address matches any of the millions
    of common patterns like that, then they'll have it soon, if they don't
    already. (And given some of their methods: they don't really need
    to have it anyway in order to spam it.)

    Third, unmunged addresses appear with regularity in message headers
    *because they have to* in order for mail to work. I trust it's obvious
    why obfuscating or eliding them elsewhere does nothing about this.

    Fourth, there are an enormous number of fully-compromised systems
    worldwide. (Any estimate under 100 million is badly outdated. Recent
    estimates have been in the 250-300 million range, and even that may be
    too low.) Among the many uses that the new owners of those system have
    for them is mass harvesting of email addresses -- which means that they
    have long since gone through every address book, all stored mail,
    and perhaps all stored documents as well. Note that some of those
    compromised systems are mail servers, in which case the harvesting is
    likely to be especially fruitful.

    (And given this:

    X-Newsreader: Microsoft Outlook Express 6.00.2900.3138

    odds are good that the originating system is one of them.)

    Fifth, spammers have many other methods of acquiring addresses,
    including but not limited to:

    querying mail servers (especially those with VRFY and EXPN on)
    subscribing to mailing lists and harvesting everything
    acquiring corporate directories (sometimes from their web sites)
    insecure LDAP servers
    insecure AD servers
    spidering web sites
    Usenet news feed
    reverse engineering names to things like firstname.lastname
    use of backscatter/outscatter
    use of auto-responders
    gaming of mailing list mechanisms
    use of abusive "callback" mechanisms
    use of abusive e-pending mechanisms
    use of abusive challenge/response mechanisms
    dictionary attacks
    purchase of addresses in bulk on the open market.
    purchase of addresses from vendors, web sites, etc.
    purchase of addresses from registrars, ISPs, web hosts, etc.

    It's therefore probably best to assume at this point that ANY email
    address is either (a) in the hands of spammers or (b) will be soon,
    and to plan defenses accordingly. Pretending that it's otherwise,
    that it's actually possible to keep most addresses out of their hands
    indefinitely, is a head-in-the-sand strategy.

    (Yes, special-purpose addresses insulated from all this, only used
    in isolated cases, extant only on highly secure mail servers that are
    meticulously maintained, and sufficiently obscure as to avoid guesswork
    may be exceptions. But clearly, given that spammers have escalated
    from selling single CDs of compressed address lists to sets of multiple
    DVDs, only a tiny, tiny fraction of all valid email addresses worldwide
    fall into this category.)

    Moreover, it's impolite to send messages to a public mailing list or
    newsgroup without providing a valid address for reply. Those who don't
    want to participate in two-way communication are certainly not required
    to; they're not, however, free to unilaterally attempt to make those
    two-way channels one-way-only to suit their personal preference or
    convenience. This is the online equivalent of shouting while sticking
    your fingers in your ears so as not to hear replies.

    ---Rsk

  7. Re: Spammers have software that sift email addresses from Newsgroups

    On 24.03.2008 22:12, Rich Kulawiec wrote:

    --- Original Message ---

    > Moreover, it's impolite to send messages to a public mailing list or
    > newsgroup without providing a valid address for reply. Those who don't
    > want to participate in two-way communication are certainly not required
    > to; they're not, however, free to unilaterally attempt to make those
    > two-way channels one-way-only to suit their personal preference or
    > convenience. This is the online equivalent of shouting while sticking
    > your fingers in your ears so as not to hear replies.


    Once your email makes it to every spam list on the planet, it then
    becomes the responsability for the ISP to filter out the resulting
    mega-buckets of spam coming their way. SpamAssassin does it's job fairly
    well as well as adding in a few of the top RBL's (I use three). If you
    have a really good and dedicated ISP, your problem is solved for the
    most part.

    My SA and RBL's reject over 8,000 spams daily for only 100+ users on
    only one mail server.

    --
    Jay Garcia Netscape Champion
    UFAQ - http://www.UFAQ.org

  8. Re: Spammers have software that sift email addresses from Newsgroups

    On 2008-03-24 23:12 Rich Kulawiec wrote:
    > On Mon, Mar 24, 2008 at 03:15:27AM -0400, Neil wrote:
    >> I'm not aware of Mozilla newsgroup messages being immune from being sifted
    >> by spambots for active email addresses, which are subsequently added to
    >> spammers' "marketing" lists. One singly important way of staying off these
    >> lists and minimizing your spam exposure is to provide fake personal
    >> information when you post to newsgroups -- Mozilla and otherwise (especially
    >> Yahoogroups).

    >
    > This is a futile tactic that will do nothing to stop competent spammers.
    > The only people it will have any meaningful effect on are those who
    > are trying to communicate with posters to mailing lists/newsgroups,
    > and possibly some of the newer, more amateurish spammers -- who will
    > learn, soon enough. The same can be said for the attempts at obfuscation
    > that are often claimed to have similar non-existent benefits.
    >
    > Here's why:
    >
    > First, spammers wrote the trivial bits of perl/awk/python/whatever
    > to unmunge obfuscated forms many years ago. So things like
    > rskNOSPAM@gsp.org or rsk (at) gsp.org are pointless.

    ....

    I had suspected that emf@NOSPAM.email.com that I have been using (after
    copying the practice of others) wasn't effective to prevent (new) spam,
    but it's good to hear a confirmation of this. BTW, from what you say,
    this particular address of mine has the additional disadvantage that the
    name is only a 3 letter combination.

    I've been using webmail to get email from 4 different webmail accounts
    and I also have my main email and from all these 5 accounts I had been
    getting around 60 spams a month that have recently been reduced to only
    40 (and which I promptly forward to Spamcop, mainly to feel that I am
    contributing something to the solution of the problem). So the spam
    filters have been doing a pretty good job. Unfortunately, the TBird spam
    filter can't catch all these remaining 40, if it could it would be great.

    One of my Yahoo accounts does not receive any spam (in the mailbox at
    least) but I suppose it's a matter of time when it will...

    emf

    --
    It ain't THAT, babe! - A radical reinterpretation
    http://www.geocities.com/itaintme_babe/itaintme.html

  9. Re: Spammers have software that sift email addresses from Newsgroups

    Neil wrote:
    > Dear Ma'ams and Sirs,
    >
    > I'm not aware of Mozilla newsgroup messages being immune from being sifted
    > by spambots for active email addresses, which are subsequently added to
    > spammers' "marketing" lists. One singly important way of staying off these
    > lists and minimizing your spam exposure is to provide fake personal
    > information when you post to newsgroups -- Mozilla and otherwise (especially
    > Yahoogroups).
    >
    > But looking around here, it looks like a lot of people are providing their
    > real email addresses and even their full names (First and Last) when they
    > post, probably inadvertently.
    >
    > Certainly, there is no law or reason that requires us to provide real
    > information to a newsgroup, since people will be replying back to you
    > through the newsgroup. Nothing in the world of newsgroups requires your
    > personal-identification information to be accurate when you post to the
    > Mozilla (or other) newsgroup.
    >
    > If you want, it's never too late to "change" the name and email address that
    > will appear on your future newsgroup posts to names and email addresses that
    > are totally contrived.
    >
    > In your email software, you have separate Account Settings for the Email
    > servers and Newsgroup servers that you use (such as "mail.bellatlantic.net."
    > or "news.mozilla.org."). Importantly, you can adjust the personal
    > information that is sent when you post to newsgroups -without- changing the
    > personal information that will be sent with your personal emails. Recommend
    > making the personal details for your newsgroup-usage "fake."
    >
    > A good demonstration; if you're using Outlook Express to read this message,
    > you'll see my name, "From: Neil" at the top of this message. They don't
    > make it obvious, but if you double-click on my name, it opens a Properties
    > window that contains the information that I entered in my Account
    > information [for this newsgroup], including my fake email address.
    >
    > The spambots are equally able to harvest email addresses this way (plus or
    > minus), and any other email addresses that are included in message bodies.
    >
    > So go into your Account Settings for your assorted newsgroup servers, munge
    > up the "personal" information contained therein, and stop the leakage.
    >
    > If you want to see how your changes have affected your newsgroup posts, then
    > shoot an arrow at mozilla.test, and check the Properties of your own
    > test-post.
    >
    > -------
    >
    > The other method of delivering spam to you is for spambots to systematically
    > go through every letter and number to randomly "create" every possible
    > existing email address, and see if anyone replies to their "Unsubscribe"
    > links. Therefore, never reply to Unsubscribe links in spam -- nothing good
    > ever comes of it -- you would just be confirming that your email address is
    > active and ready for annoyance.
    >
    > If your email address has become too polluted with spam for your comfort,
    > then it's time to create a new email address, transfer all your valid
    > accounts and contact to the new email address, abandon your old address, and
    > apply your new electronic-identity-security lessons to your new account. I
    > can assure you that even a Yahoo email address can stay "clean" for a long
    > time if you follow these two bits of advice and if you are careful to whom
    > you provide your email address. Also, I can assure you that an email address
    > that has been spammerized will stay spammerized forever.
    >
    > If your clean email address gets a spam, it's not necessarily your fault.
    > It could simply have been randomly generated by a spambot. Don't fret --
    > just delete it without responding to it. It's not necessarily the beginning
    > of the end.
    >
    > If I need to provide an email address, but I'm not sure about the
    > credibility of the organization, I will use my spammerized [yahoo, gmail,
    > etc] email address. If I'm pretty sure about the credibility of the
    > organization, I use my relatively clean [yahoo, gmail, etc] email address.
    >
    > For my friends and family, they get my super-clean email address with my ISP
    > domain. Even there, if that one becomes spammerized, my ISP will allow me
    > to create another dozen email addresses on the same account, if I make a
    > mistake and spam blossoms on my present email address. At the present rate
    > of spam infection, with a little care, my ISP provides me enough email
    > addresses on my account to keep me comfortable for a hundred years. Of
    > course, ISPs go broke and fade away, so that might be an argument for
    > switching even my friends and family to a yahoo or gmail address, which tend
    > to last longer than Adelphia, for instance.
    >
    > Standard advice; apparently not repeated often enough. Mozilla users
    > deserve better.
    >
    > Nighty night / best luck.
    >
    > -Neil-
    >
    >


    I've posted with my real name and a valid email address on this server
    since it came to be. I receive very little spam at this address. That
    being the case, I would just as soon let people know who I am, and allow
    them to contact me off group if needed.

    Lee

  10. Re: Spammers have software that sift email addresses from Newsgroups

    > Once your email makes it to every spam list on the planet, it then
    > becomes the responsability for the ISP to filter out the resulting
    > mega-buckets of spam coming their way. SpamAssassin does it's job fairly
    > well as well as adding in a few of the top RBL's (I use three). If you
    > have a really good and dedicated ISP, your problem is solved for the
    > most part.


    I've noticed recently that spammers seems to be changing their probably
    fake return address more often to avoid filters.

    The only effective way to reduce spam would be to start charging for
    transmissions. "Legitimate" spammers might better consider who they send
    to. Those whose computers are being used as spam robots would become
    aware of it and be forced to do something about it.


  11. Re: Spammers have software that sift email addresses from Newsgroups

    On Friday 28 March 2008 04:42:17 pm Eustace wrote:
    > On 2008-03-24 23:12 Rich Kulawiec wrote:
    > > On Mon, Mar 24, 2008 at 03:15:27AM -0400, Neil wrote:
    > >> I'm not aware of Mozilla newsgroup messages being immune from being
    > >> sifted by spambots for active email addresses, which are subsequently
    > >> added to spammers' "marketing" lists. One singly important way of
    > >> staying off these lists and minimizing your spam exposure is to provide
    > >> fake personal information when you post to newsgroups -- Mozilla and
    > >> otherwise (especially Yahoogroups).

    > >
    > > This is a futile tactic that will do nothing to stop competent spammers.
    > > The only people it will have any meaningful effect on are those who
    > > are trying to communicate with posters to mailing lists/newsgroups,
    > > and possibly some of the newer, more amateurish spammers -- who will
    > > learn, soon enough. The same can be said for the attempts at obfuscation
    > > that are often claimed to have similar non-existent benefits.
    > >
    > > Here's why:
    > >
    > > First, spammers wrote the trivial bits of perl/awk/python/whatever
    > > to unmunge obfuscated forms many years ago. So things like
    > > rskNOSPAM@gsp.org or rsk (at) gsp.org are pointless.

    >
    > ...
    >
    > I had suspected that emf@NOSPAM.email.com that I have been using (after
    > copying the practice of others) wasn't effective to prevent (new) spam,
    > but it's good to hear a confirmation of this. BTW, from what you say,
    > this particular address of mine has the additional disadvantage that the
    > name is only a 3 letter combination.
    >
    > I've been using webmail to get email from 4 different webmail accounts
    > and I also have my main email and from all these 5 accounts I had been
    > getting around 60 spams a month that have recently been reduced to only
    > 40 (and which I promptly forward to Spamcop, mainly to feel that I am
    > contributing something to the solution of the problem). So the spam
    > filters have been doing a pretty good job. Unfortunately, the TBird spam
    > filter can't catch all these remaining 40, if it could it would be great.
    >
    > One of my Yahoo accounts does not receive any spam (in the mailbox at
    > least) but I suppose it's a matter of time when it will...
    >
    > emf



    Whoa whoa whoa!
    only _60_ spam per month? from 5 accounts? That's an average of 12 spam per
    account per month! I'm not sure about anyone else here, but for me, that
    would be, well, a record month for spam... Considering I get, on average,
    100 spam messages per day... Luckily GMail's spamfilter catches it all and
    keeps it out of my inbox...
    But still...
    Wow...
    I am impressed.

  12. Re: Spammers have software that sift email addresses from Newsgroups

    On 02.04.2008 23:34, CET - what odd quirk of fate caused Jonathan Clark
    to generate the following:? :
    > On Friday 28 March 2008 04:42:17 pm Eustace wrote:
    >
    >> On 2008-03-24 23:12 Rich Kulawiec wrote:
    >>
    >>> On Mon, Mar 24, 2008 at 03:15:27AM -0400, Neil wrote:
    >>>
    >>>> I'm not aware of Mozilla newsgroup messages being immune from being
    >>>> sifted by spambots for active email addresses, which are subsequently
    >>>> added to spammers' "marketing" lists. One singly important way of
    >>>> staying off these lists and minimizing your spam exposure is to provide
    >>>> fake personal information when you post to newsgroups -- Mozilla and
    >>>> otherwise (especially Yahoogroups).
    >>>>
    >>> This is a futile tactic that will do nothing to stop competent spammers.
    >>> The only people it will have any meaningful effect on are those who
    >>> are trying to communicate with posters to mailing lists/newsgroups,
    >>> and possibly some of the newer, more amateurish spammers -- who will
    >>> learn, soon enough. The same can be said for the attempts at obfuscation
    >>> that are often claimed to have similar non-existent benefits.
    >>>
    >>> Here's why:
    >>>
    >>> First, spammers wrote the trivial bits of perl/awk/python/whatever
    >>> to unmunge obfuscated forms many years ago. So things like
    >>> rskNOSPAM@gsp.org or rsk (at) gsp.org are pointless.
    >>>

    >> ...
    >>
    >> I had suspected that emf@NOSPAM.email.com that I have been using (after
    >> copying the practice of others) wasn't effective to prevent (new) spam,
    >> but it's good to hear a confirmation of this. BTW, from what you say,
    >> this particular address of mine has the additional disadvantage that the
    >> name is only a 3 letter combination.
    >>
    >> I've been using webmail to get email from 4 different webmail accounts
    >> and I also have my main email and from all these 5 accounts I had been
    >> getting around 60 spams a month that have recently been reduced to only
    >> 40 (and which I promptly forward to Spamcop, mainly to feel that I am
    >> contributing something to the solution of the problem). So the spam
    >> filters have been doing a pretty good job. Unfortunately, the TBird spam
    >> filter can't catch all these remaining 40, if it could it would be great.
    >>
    >> One of my Yahoo accounts does not receive any spam (in the mailbox at
    >> least) but I suppose it's a matter of time when it will...
    >>
    >> emf
    >>

    >
    >
    > Whoa whoa whoa!
    > only _60_ spam per month? from 5 accounts? That's an average of 12 spam per
    > account per month! I'm not sure about anyone else here, but for me, that
    > would be, well, a record month for spam... Considering I get, on average,
    > 100 spam messages per day... Luckily GMail's spamfilter catches it all and
    > keeps it out of my inbox...
    > But still...
    > Wow...
    > I am impressed.
    >


    huh! impressed, eh! well now, PING Dan the MozChamp man and let him
    tell you how to get NIL spams a day AND even kill those that do get
    through *lol*

    reg

  13. Re: Spammers have software that sift email addresses from Newsgroups

    On 2008-04-02 17:34 Jonathan Clark wrote:
    > On Friday 28 March 2008 04:42:17 pm Eustace wrote:
    >> On 2008-03-24 23:12 Rich Kulawiec wrote:
    >>> On Mon, Mar 24, 2008 at 03:15:27AM -0400, Neil wrote:
    >>>> I'm not aware of Mozilla newsgroup messages being immune from being
    >>>> sifted by spambots for active email addresses, which are subsequently
    >>>> added to spammers' "marketing" lists. One singly important way of
    >>>> staying off these lists and minimizing your spam exposure is to provide
    >>>> fake personal information when you post to newsgroups -- Mozilla and
    >>>> otherwise (especially Yahoogroups).
    >>> This is a futile tactic that will do nothing to stop competent spammers.
    >>> The only people it will have any meaningful effect on are those who
    >>> are trying to communicate with posters to mailing lists/newsgroups,
    >>> and possibly some of the newer, more amateurish spammers -- who will
    >>> learn, soon enough. The same can be said for the attempts at obfuscation
    >>> that are often claimed to have similar non-existent benefits.
    >>>
    >>> Here's why:
    >>>
    >>> First, spammers wrote the trivial bits of perl/awk/python/whatever
    >>> to unmunge obfuscated forms many years ago. So things like
    >>> rskNOSPAM@gsp.org or rsk (at) gsp.org are pointless.

    >> ...
    >>
    >> I had suspected that emf@NOSPAM.email.com that I have been using (after
    >> copying the practice of others) wasn't effective to prevent (new) spam,
    >> but it's good to hear a confirmation of this. BTW, from what you say,
    >> this particular address of mine has the additional disadvantage that the
    >> name is only a 3 letter combination.
    >>
    >> I've been using webmail to get email from 4 different webmail accounts
    >> and I also have my main email and from all these 5 accounts I had been
    >> getting around 60 spams a month that have recently been reduced to only
    >> 40 (and which I promptly forward to Spamcop, mainly to feel that I am
    >> contributing something to the solution of the problem). So the spam
    >> filters have been doing a pretty good job. Unfortunately, the TBird spam
    >> filter can't catch all these remaining 40, if it could it would be great.
    >>
    >> One of my Yahoo accounts does not receive any spam (in the mailbox at
    >> least) but I suppose it's a matter of time when it will...
    >>
    >> emf

    >
    >
    > Whoa whoa whoa!
    > only _60_ spam per month? from 5 accounts? That's an average of 12 spam per
    > account per month! I'm not sure about anyone else here, but for me, that
    > would be, well, a record month for spam... Considering I get, on average,
    > 100 spam messages per day... Luckily GMail's spamfilter catches it all and
    > keeps it out of my inbox...
    > But still...
    > Wow...
    > I am impressed.


    I am sure that many more spams are sent to my addresses, but are caught
    by filters before reaching me. Yahoo has a spam filter you can energize.
    I also used to receive more spam from my email.com until they put a
    filter. My main (.edu) account should also have a spam filter which I
    don't know about: About 10-12 years ago I was unaware of the danger and
    I used to post messages to public newsgroups with my main address, yet I
    would *never* receive a spam back then.

    Unfortunately, those spams that do reach me are usually hard for the
    TBird filter to catch...

    emf

    --
    It ain't THAT, babe! - A radical reinterpretation
    http://www.geocities.com/itaintme_babe/itaintme.html

+ Reply to Thread