[wplug] Spam question

[A. McCullough]

I get *easily* twice that - just deleted a dozen today - and I'm also on
Comcast. Frankly, my spam count has gone UP since I've been using one of those
spam-blockers that bounce messages and block them before it gets to your inbox
(MailWasher) - I'm just going to have to change some email addresses. The one
email address I have that gets very, very few spams has some odd characters in
it - an underscore, a question mark - it seems to throw most bulk email software
and spammers a curve, more so than any other form of "spam protection" I've used
thus far. The addresses I use for groups and shopping, naturally enough, are hit
the hardest.

Cheers,
Anna

----- Original Message ----- 
From: "Jonathan Billings" <billings at negate.org>

> Douglas Green wrote:
> > Hi all-
> >
> > I have been receiving a large volume of spam (4-6/day) that is not
> > addressed to my email address anywhere in the header. Can anyone tell me
> > how this stuff gets to me when it's not addressed to me, and how I can
> > eradicate it?
>
> While the email headers of the message might not indicate that there is
> a To: field containing your email address, spammers can easily forge the
> headers of an email message, before it arrives at your mail destination.
>   However, the envelope recipient (the SMTP RCPT TO) must be addressed
> to you for it to get into your mailbox.  The general public doesn't
> realize that the email headers (From: and To:) have little to no bearing
> on the envelope sender and recipient.  Some MTAs will add headers to the
> message that contain that information.  (For example, Sendmail will put
> the relevant information about the recipient in the Recieved: line.)
>
> Basically, there's nothing you can do about checking for consistancy
> between envelope addresses and the headers of the message.  Mailing
> lists (including the WPLUG mailman system) will not include your email
> address in the To: field.
>
> > Would something like Spamassassin work for me (an end
> > user)?
>
> It's possible, but Spamassassin works best if you can invoke it before
> it arrives in your mailbox.  If you run your mail system, this is
> possible.  You can also use tools to connect and tag your mail for spam,
> but I've never used this technology, others on the list might be able to
> provide more help there.
>
> > Within reason, I try to keep my email address private- but this
> > stuff still gets through. The most recent ones have nonsense subject
> > headings like "To wish shatter beaches among", and they are invariably
> > some advertisement for pharmaceuticals. It's the same ad, every time,
> > from a different source.
> > Tips, advice, and pointers towards info for keeping my email private
> > would be much appreciated!
>
> It seems that it might be too late for your current addresses.  Once
> out, spammers sell and trade lists of potential addresses.
>
> The only way I've ever kept an address secret was to never use it.  You
> can't trust your friends, because they might get a virus or trojan that
> will steal all the addresses out of their address book.  You definately
> can't trust websites, because even if they promise to keep your contact
> information secret, they might get hacked, or even worse, bought out by
> a less scrupulous company.
>
> I tend to give out addresses to particular companies that are unique,
> like I'd give slashdot 'slashdot at foobar.baz' (assuming I run the
> foobar.baz domain) and then if I started getting spam to that address,
> then I just have my mail server reject all mail to that address.
>
> -- 
> Jonathan S. Billings <billings at negate.org>