Re: SPAM from stock market scammers
- From: "Vanguard" <vanguard.news@xxxxxxxxxxxx>
- Date: Tue, 29 Aug 2006 22:07:57 -0500
"daveh551" <dave@xxxxxxxxxxxxxxxx> wrote in message news:1156859911.022555.271430@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Vanguard wrote:
Don't really care what e-mail address the spammer professes to
originate from. It's bogus. Check for the IP address of the sender
by tracing back through the Received headers (but watch out for bogus
headers inserted by the spammer's server). Most likely they are
originating from known spam source IPs, so blocklisted IPs would get
rid of them.
SpamPal (free)
http://www.spampal.org/
Provides a whole slew of different methods of detecting spam.
SpamPal includes a Bayesian filter, just like Outlook and SpamBayes,
but they don't work against spam which hides itself inside an image.
SpamPal has other methods to detect spam coming from known sources.
Plus you could use the RegEx plug-in to write a rule to look in the
body of the e-mail to check for images. So far, I haven't needed to
bother with the RegEx plug-in since the other methods have been very
effective at detecting spam.
Also make sure you have spam filtering enabled on your mail account.
Go to the options for your mailbox using the webmail interface at your
ISP (swbell.net) and enable spam filtering up there. It may be looser
than you care for (i.e., lots of spam leaks past their filter) but it
will get rid of some so you don't have to end up downloading it and
then checking using a client-side anti-spam filter. Anything you can
do for server-side filtering is better than doing it all client-side.
Thanks for the reply, Vanguard. I've taken a couple days to try out
what you said. I downloaded and installed SpamPal, and turned on the
Bayes, HtmlBody and HtmlModify plugins, but this particular spam still
gets through without being detected. I've gone through about a week's
worth of saved spam, and each of them comes from a different IP
address. I've added those to SpamPal's blacklist, but since every new
one appears to be different, I doubt that will help any. I COULD turn
on HtmlModify to reject anything with an IMG, but that would be severe
overkill, since lots of the mailing lists I'm on have images in them.
I already don't like that HtmlModify is taking out a lot of the images
that it finds as possible webbugs.
Any other ideas?
BTW, my email host (www.readyhosting.com) already runs a Bayes filter
and blacklist on the incoming mail (it looks like SpamAssassin), but
these are still passing. SpamPal is probably redundant of that effort.
Reading into an image isn't possible because just one pixel difference means it is a different image. You'll have to decide whether you willy nilly go reading every e-mail just because it has an image. Every e-mail client that I use has an option to disable images unless *I* choose to see the image. You don't need HTML-Modify removing the images but you will probably want it scoring the mails based on image counts (unless, of course, you like getting highly spammy mails with all the glitter of images that provide little content). Have your e-mail client disable images until you want to read them. With HTML-Modify, all of those *linked* images are still available, and all of the embedded images will always be there unless YOU configure HTML-Modify to block all images, even embedded ones. HTML-Modify, by default, blocks the linked images (i.e., the spammy crap that obviously wasn't important enough by the sender for the sender to actually include them in the e-mail and instead provided a link to them). I'm on newsletters, too, but the linked images are common images so they aren't specific to the e-mail that *I* receive. Plus, you can always look at the URL that HTML-Modify changed (in the <IMG> tag that got renamed to <XMG>) and go browse to it if you thought it was that important. You might also want to disable the Preview pane and enable AutoPreview mode, like in Outlook, that shows the first few lines of each mail as text-only so you can get an idea of what is in the mail. Of course, if you don't know from who the message originates then you probably don't want it and the extra text-only lines will help in deciding what is good or not.
If the mails are truly originating from different IP addresses then you are on some spammer's mail list who has an army of zombied hosts from which to spew their crap. That is, they are running trojan mailer daemons on idiot users' hosts. You could use the MXBlocking plug-in to tag any mails that originate from dynamically addressed hosts, like those that get their IP addresses from a DHCP server (dial-up users, cable and DSL users). As mentioned, you could use the RegEx plug-in. Most of the image-ridden spam that I've received hid their content in a GIF file, but no one that I know or do business with puts images in GIF files. If I was to get bombarded by GIF images in spam mails, I'd define a filter in RegEx to look for the MIME header with a filetype of .gif and tag that mail. I don't get those anymore so you would have to look at the data in the mail to see what the MIME header looks like. Unfortunately, Outlook fucks over the raw data of e-mails to convert to its proprietary format stored in its PST file, so you might want to use Outlook Express or some other e-mail program to see the raw mail source.
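An added illustration, not part of either poster's message and not SpamPal's own code: the two checks discussed in this thread, tracing the Received headers without believing forged ones and flagging GIF MIME parts, written against the raw mail source in Python. The sample message, its addresses, and the function names are constructed for the example.

```python
import re
from email import message_from_string

# Constructed sample (not from the thread); addresses are documentation ranges.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org with ESMTP; Tue, 29 Aug 2006 10:00:03 -0500
Received: from dsl-host.example.com (unknown [203.0.113.77])
\tby mx.example.net with SMTP; Tue, 29 Aug 2006 10:00:01 -0500
Received: from bank.example (bank.example [198.51.100.5]) by nowhere; forged
From: "Stock Tips" <tips@example.com>
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html

<html><body><img src="cid:pic"></body></html>
--b1
Content-Type: image/gif; name="chart.gif"

(constructed placeholder for the image data)
--b1--
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def handoff_ip(msg, trusted_relays):
    """IP that handed the mail to the first relay we trust, or None.

    Received headers are prepended (newest on top). Only hops written by a
    trusted server are believable; lower ones may be the sender's inventions.
    """
    for hop in msg.get_all("Received", []):
        m = IP_RE.search(hop)
        if m and m.group(1) not in trusted_relays:
            return m.group(1)  # stop here: never read past an untrusted peer
    return None

def gif_parts(msg):
    """Names ('' if unnamed) of MIME parts declared or named as GIF."""
    names = []
    for part in msg.walk():
        name = part.get_filename() or ""
        if part.get_content_type() == "image/gif" or name.lower().endswith(".gif"):
            names.append(name)
    return names

def tag(raw, trusted_relays):
    msg = message_from_string(raw)
    return handoff_ip(msg, trusted_relays), gif_parts(msg)

print(tag(SAMPLE, {"192.0.2.10"}))
```

The address returned is the one to check against a blocklist or a dynamic-address list; the forged bottom header is never consulted because the walk stops at the first peer that is not one of your own relays.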