[wplug] Spam question

Jonathan Billings billings at negate.org
Sat Oct 29 13:26:17 EDT 2005


Douglas Green wrote:
> Hi all-
> 
> I have been receiving a large volume of spam (4-6/day) that is not 
> addressed to my email address anywhere in the header. Can anyone tell me 
> how this stuff gets to me when it's not addressed to me, and how I can 
> eradicate it? 

While the email headers of the message might not indicate that there is 
a To: field containing your email address, spammers can easily forge the 
headers of an email message, before it arrives at your mail destination. 
However, the envelope recipient (the SMTP RCPT TO) must be addressed 
to you for it to get into your mailbox.  The general public doesn't 
realize that the email headers (From: and To:) have little to no bearing 
on the envelope sender and recipient.  Some MTAs will add headers to the 
message that contain that information.  (For example, Sendmail will put 
the relevant information about the recipient in the Received: line.)

Basically, there's nothing you can do about checking for consistency 
between envelope addresses and the headers of the message.  Mailing 
lists (including the WPLUG mailman system) will not include your email 
address in the To: field.

> Would something like Spamassassin work for me (an end 
> user)? 

It's possible, but Spamassassin works best if you can invoke it before 
it arrives in your mailbox.  If you run your mail system, this is 
possible.  You can also use tools to connect and tag your mail for spam, 
but I've never used this technology; others on the list might be able to 
provide more help there.

> Within reason, I try to keep my email address private- but this 
> stuff still gets through. The most recent ones have nonsense subject 
> headings like "To wish shatter beaches among", and they are invariably 
> some advertisement for pharmaceuticals. It's the same ad, every time, 
> from a different source.
> Tips, advice, and pointers towards info for keeping my email private 
> would be much appreciated!

It seems that it might be too late for your current addresses.  Once 
out, spammers sell and trade lists of potential addresses.

The only way I've ever kept an address secret was to never use it.  You 
can't trust your friends, because they might get a virus or trojan that 
will steal all the addresses out of their address book.  You definitely 
can't trust websites, because even if they promise to keep your contact 
information secret, they might get hacked, or even worse, bought out by 
a less scrupulous company.

I tend to give out addresses to particular companies that are unique, 
like I'd give slashdot 'slashdot at foobar.baz' (assuming I run the 
foobar.baz domain) and then if I started getting spam to that address, 
then I just have my mail server reject all mail to that address.

-- 
Jonathan S. Billings <billings at negate.org>
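
Added example, not part of the original post: a Python sketch that reads the envelope recipient an MTA recorded in the "for" clause of its Received: line (or in Delivered-To:) and compares it with the To:/Cc: headers the sender wrote. The sample message, host names, queue id and addresses are constructed placeholders; a mismatch is informational only, since mailing-list mail shows the same pattern.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message; hosts, queue id and addresses are placeholders.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org (8.13.1/8.13.1) with ESMTP id j9THQ1xx012345
\tfor <user@example.org>; Sat, 29 Oct 2005 13:26:01 -0400
From: "Pharmacy" <sales@example.com>
To: someone.else@example.com
Subject: To wish shatter beaches among

(body omitted)
"""

# "for <addr>" clause that an MTA may write into its Received: trace line.
FOR_CLAUSE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.IGNORECASE)

def envelope_recipients(msg):
    """Envelope recipients the receiving MTA recorded in the headers."""
    found = []
    for value in msg.get_all("Received", []):
        found += FOR_CLAUSE.findall(" ".join(value.split()))  # unfold first
    # Some MTAs record the envelope recipient in Delivered-To: instead.
    found += [addr for _, addr in getaddresses(msg.get_all("Delivered-To", []))]
    return sorted({a.lower() for a in found})

def header_recipients(msg):
    """Addresses the sender chose to display in To: and Cc:."""
    values = msg.get_all("To", []) + msg.get_all("Cc", [])
    return sorted({addr.lower() for _, addr in getaddresses(values) if addr})

def compare(raw):
    """Report both address sets and whether the envelope recipient is displayed."""
    msg = message_from_string(raw)
    env, hdr = envelope_recipients(msg), header_recipients(msg)
    return {"envelope": env, "headers": hdr,
            "named_in_headers": bool(env) and set(env) <= set(hdr)}

if __name__ == "__main__":
    print(compare(SAMPLE))
```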