[wplug] Spam question
Jonathan Billings
billings at negate.org
Sat Oct 29 13:26:17 EDT 2005
Douglas Green wrote:
> Hi all-
>
> I have been receiving a large volume of spam (4-6/day) that is not
> addressed to my email address anywhere in the header. Can anyone tell me
> how this stuff gets to me when it's not addressed to me, and how I can
> eradicate it?
While the email headers of the message might not indicate that there is
a To: field containing your email address, spammers can easily forge the
headers of an email message, before it arrives at your mail destination.
However, the envelope recipient (the SMTP RCPT TO) must be addressed
to you for it to get into your mailbox. The general public doesn't
realize that the email headers (From: and To:) have little to no bearing
on the envelope sender and recipient. Some MTAs will add headers to the
message that contain that information. (For example, Sendmail will put
the relevant information about the recipient in the Received: line.)
Basically, there's nothing you can do about checking for consistency
between envelope addresses and the headers of the message. Mailing
lists (including the WPLUG mailman system) will not include your email
address in the To: field.
> Would something like Spamassassin work for me (an end
> user)?
It's possible, but Spamassassin works best if you can invoke it before
it arrives in your mailbox. If you run your mail system, this is
possible. You can also use tools to connect and tag your mail for spam,
but I've never used this technology, others on the list might be able to
provide more help there.
> Within reason, I try to keep my email address private- but this
> stuff still gets through. The most recent ones have nonsense subject
> headings like "To wish shatter beaches among", and they are invariably
> some advertisement for pharmaceuticals. It's the same ad, every time,
> from a different source.
> Tips, advice, and pointers towards info for keeping my email private
> would be much appreciated!
It seems that it might be too late for your current addresses. Once
out, spammers sell and trade lists of potential addresses.
The only way I've ever kept an address secret was to never use it. You
can't trust your friends, because they might get a virus or trojan that
will steal all the addresses out of their address book. You definitely
can't trust websites, because even if they promise to keep your contact
information secret, they might get hacked, or even worse, bought out by
a less scrupulous company.
I tend to give out addresses to particular companies that are unique,
like I'd give slashdot 'slashdot at foobar.baz' (assuming I run the
foobar.baz domain) and then if I started getting spam to that address,
then I just have my mail server reject all mail to that address.
--
Jonathan S. Billings <billings at negate.org>
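
The envelope-versus-header point in the reply above, as an added example that is not part of the original post: it reads the envelope recipient from the topmost Received: header and compares it with To:/Cc:. Both messages, the example.* addresses and the `for <...>` clause being present are constructed assumptions; an MTA only records that clause in some cases.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample messages (not real mail); example.* names are placeholders.
LIST_MAIL = """\
Received: from lists.example.org (lists.example.org [192.0.2.10])
\tby mx.example.net (8.13.1/8.13.1) with ESMTP id j9THQ1
\tfor <doug@example.net>; Sat, 29 Oct 2005 13:26:20 -0400
From: someone@example.com
To: wplug@lists.example.org
Subject: [wplug] Spam question

body
"""

SPAM_MAIL = """\
Received: from unknown (HELO mail.example.com) (198.51.100.7)
\tby mx.example.net (8.13.1/8.13.1) with SMTP id j9THQ2
\tfor <doug@example.net>; Sat, 29 Oct 2005 14:02:11 -0400
From: "Pharmacy" <sales@example.com>
To: undisclosed-recipients:;
Subject: To wish shatter beaches among

body
"""

# "for <addr>" is where the receiving MTA notes the SMTP RCPT TO address.
FOR_CLAUSE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.IGNORECASE)

def envelope_recipient(msg):
    """RCPT TO from the topmost Received: header (the one our own MTA added)."""
    m = FOR_CLAUSE.search(msg.get("Received", ""))
    return m.group(1).lower() if m else None

def header_recipients(msg):
    """Addresses the sender chose to display in To: and Cc:."""
    values = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(values) if "@" in addr}

def check(raw):
    """Return (envelope recipient, whether it also appears in To:/Cc:)."""
    msg = message_from_string(raw)
    rcpt = envelope_recipient(msg)
    return rcpt, rcpt in header_recipients(msg)

if __name__ == "__main__":
    for name, raw in (("list", LIST_MAIL), ("spam", SPAM_MAIL)):
        print(name, check(raw))
```

Both samples report a mismatch, so the legitimate list message and the spam look the same on this test, which is why the mismatch alone is not a usable filter.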