Junk e-mail: can I retaliate?

Topic

New Reply

I’ve never had any doubts when to recognise spam, hoaxes, chain letters, fake virus warnings, address confirmation, phishing, Facebook and Twitter notifications (about my non-existing accounts), birthday cards, casino invitations from India, job offers sent from Brasil (and from my own address), dating propositions from Russia, anatomical enhancement for my nether region, and the list is far from exhausted.

I rarely see them thanks to K9, a free very efficient spam filter, but still, once in a while something slips through or I have to check my junk folder to recover false positives.

I’ve been taking junk mail in stride. But I wonder if actively fighting it might be worthwhile and if so, how to go about it.

Susan Bradley’s link to ipTRACKERonline (Thank you, Susan) gives me a mail’s origin and continues with a Whois Query which gives the ISP’s E-mail address (OrgAbuseEmail) to report abuse.
I guess I have to send the junk mail’s message source to that OrgAbuseEmail.

Concluding questions:
1. Is the method correct?
2. Does it make sense or is it a waste of time?

Reply | Quote

Replies

To completely end junk mail, the only method I know is to create a new account that has better filtering. Unless you have to many contacts that you would have to give new address to.

Reply | Quote

To completely end junk mail, the only method I know is to create a new account that has better filtering. Unless you have to many contacts that you would have to give new address to.

MIT showed the only correct way is to filter at the end point.
ANYTHING that filters in the path will throw away good messages.
A friend lost a job offer cause the isp tried to be helpful and filtered messages
without telling him and tossed the good one that was critical.

Use a white list black list approach and just check teh junk folder daily.
No big deal. Check anything that is unknown (most of the spam repeats senders and topics)
and if good then white list it.

Never trust anyone/anything in the middle to cut down spam properly.
It must be done at the end point in your pc email client.

Reply | Quote

A waste of time, IMHO…

BATcher

Plethora means a lot to me.

Reply | Quote

Unfortunately, iptrackeronline may not be all that useful. This morning, there was a message in my mailbox from someone I know who lives a few miles away from me. I know that she is there now, and not in Madrid. But the email message, which came from her address, told a tale of woe about being stranded in Madrid without money yada yada yada. I looked at the full email headers, and the early ones came from Yahoo, which are not the headers that normally appear on her messages. After reading your message in this forum, I put the headers into iptrackeronline and was told what the originating IP address is and the associated email address and where it is located (it said Africa). Unfortunately, the email address they gave was my friend’s. She uses Juno for her email. So someone seeing this information might be tempted to write to Juno to complain, since that’s at the top of the report and is the only email address provided.

Someone more knowledgeable might use whois to find out information about the originating IP address, but the only address to report abuse to is to RIPE in the Netherlands, and they’ve assigned a huge range of IP addresses. I seriously doubt that the spammer is the sole user of the IP address from which the message was sent, and that would be the end of the matter. In other words, as BATcher has put it more succinctly, you’d be wasting your time.

Reply | Quote

I’m appalled, by how many people are Clueless about email and put their whole name or a good part of it in their email address.
And then they often use an ISP, like AOL, that is a Spammers and Hackers magnet. MS mail isn’t any better.
An email address should be totally ‘non-descript’ where it does not point to you in any way.

At my local ISP I had an address that did not have my name in it, but it was made up of real words, starting with “The”. Big mistake!
I got spam for everything from “TheMasterbater” to “TheBosendorfer”. It got ridiculous!
So I killed off that address and went with “cxp_mst_shatx@xxxxx.xxx” and my problems with spam ended right there.

Now, I use only GMail, where they have a pretty good Spam Filter, and I can add email addresses to the list of spammers, in the Filters section.
Those people who refuse to stop sending me, videos, long strings of pictures, dirty jokes, etc., wind up in my spammers list and I see them no more! At least 20 emails a week wind up in the Spam folder at Gmail and never make it down to my computer at all. That’s good, because I have a download cap on just how many megabytes I can download, including email, each month.

Most of those types of spam mentioned in the first post are from countries where they really don’t care how much spam is sent to you, so retaliation is futile. There is no-one there that’s going to prosecute them anyway.
And most often, they change their addresses as often as most of us change our socks.

For safety, you should be using a GOOD AV/AS program (I use AVG) that scans all incoming email for “Malware”.

Good Luck to you!
😎

Reply | Quote

The problem with retaliation against the sender based on IP address is that you are likely to identify three types of victims: the operator of a mail server misconfigured to offer an open relay to anyone on the planet, a home or business user enrolled in a botnet whose PC is spewing spam without their knowledge, and company or university that has a previously undiscovered rogue server operated by an insider or outsider (other than a botherder). It would be great to shut these down, since they are all cases of technical failure or lack of education on the part of the people who should be controlling their devices. But it’s not helpful to think of it as “retaliation.”

With respect to email addresses, some of them might actually not be forged. For example, I think some people get paid (very little) to do nothing but create new webmail accounts to blast out spam in the brief window before they are shut down. By the time you write to that person, the message is likely to bounce back, or they just won’t care. So this is basically a waste of your time.

Perhaps a better target than the sender is the sites the spam wants you to visit. There probably are lots of people busy shutting those down who wouldn’t mind having spam forwarded to them.

Reply | Quote

I use 2 Gmail + 1 AOL addresses. 99% of the time I read & send using Windows Live Mail to which I sign in with a Hotmail Account, (it is deleted after adding my other accounts). This gives me an added layer of protection by WLM filters. The only Spam I get is in tins and tastes lovely with brown sauce.

Reply | Quote

I take issue with your statement; it is better with a white sauce, along with an Islay single malt.

I decided that spam is here to stay and to engage spammers wastes your time. Every time you upgrade your spam prevention tech spammers upgrade their tech, on and on. I reverted to simplicity; I have 12 email addresses, two of them are personal, one for kin kith and friends, one for government, AARP, Medicare, SocSec. and my doctor and such; I have two public email addresses that I will post on web sites, give out to anyone, their sites have spam filters, then I forward them to a Gmail account and its filters, and the email is downloaded to SeaMonkey and another spam filter. I check the original sites and gmail spam filters to insure no legit emails are trapped, usually hundred and half a dozen a year or fewer. I get no spam in the personal boxes. One of my friends send me a group email without the BCC two years ago. I immediately created another personal email at my ISP, sent notifications of the change to kin, kith, and friends. That miscreant friend I told that one of my public emails was the new one. He is only friend who uses one of my public ones. I had not received any spam in that old personal email, but felt that it was compromised. I get an occasional spam message in the remaining emails which I use for tech, literary, science, politics, etc; each for different subjects or similar groups of subjects.
I dont opt out of spam. I just block it. You opt out you tell them they found a live box. This year so far I’ve received a hundred and eleven, most in public boxes, of which only a dozen reached my email client SeaMonkey. Gmail has great spamfilter, and SeaMonkey is no slacker.

Most of the spam comes into one of the public emails. If you subscribe to a tech, literary or other email publications, only opt in for publications sent by them. DONT opt in for things sent by their trusted partners. Check the privacy policy of the original site. Generally I dont opt in for other products; I take their names and go to their site.

Slow down and use the tech for your ease of use, simplicity, and protection.

If you believe that multiple email addresses are a complication. They become one in SeaMonkey. Use the tech to simplify your life.

The number of hundred and half, or a dozen mostly what gets through in a year to my desktop; the many many more are stopped at original 2 webmails, and what gets past them are stopped by Gmail, and the few that get past it SeaMonkey catches and that is the hundred or so.
As said, I get few in the e-journal boxes, none in the personal boxes, and their only spamfilters are the webmail and SeaMonkey.

Reply | Quote

With the really great Spam Filter in GMail, it’s very seldom that I ever get any, but when I do that address is added to my Spam Filter list.

Lately, I’ve been getting some ‘spam’ allegedly from a friend in Ca. and one in Arkansas. Some spambot somewhere is using their address to send out spam.
Both of those persons have their name in their email address.

If everybody in the world, would STOP forwarding junk email and block out all addresses when they do send something to more than one person, the whole internet would be a much safer place.
Never use TO: when sending to more than one person….. always use BCC: for safety.

Happy Holidays Everyone!

😎

Reply | Quote

…
Never use TO: when sending to more than one person….. always use BCC: for safety.
…

For fifteen years now I’ve been telling family, friends and acquaintances to do that. :rolleyes:

And also, before sending them on, to delete address lists in forwarded mails which are eagerly mined for addresses by spam-trojans.

It’s been a fruitless and exasperating effort, except with a very few willing-to-learn people.

Reply | Quote

Yahoo offers ‘disposable’ email addresses as part of their webmail service which I have used several times to good effect – otherwise I would endorse various people in this tread that have stated that you should NEVER reply to (or try to unsubscribe from) a Spam email as it only flags an ‘active’ address to the spammer.

Reply | Quote

You can submit spam to Spamcop at http://www.spamcop.net.

You have to know how to paste in the entire raw message, headers and all and it’ll automatically figure out who to complain to and do so on your behalf, while also gathering data and adding to their DNS blocklist. It’s a little kludgy submitting with a 7-second delay, but I use it from time to time when I see messages that the various blocklists aren’t aware of.

Reply | Quote

You can submit spam to Spamcop at http://www.spamcop.net.

You have to know how to paste in the entire raw message, headers and all and it’ll automatically figure out who to complain to and do so on your behalf, while also gathering data and adding to their DNS blocklist. It’s a little kludgy submitting with a 7-second delay, but I use it from time to time when I see messages that the various blocklists aren’t aware of.

Ditto! I too had become aggravated to the point of enough is enough. I report EVERY piece of spam mail that I get to SpamCop. Sometimes it takes a few weeks to see results but eventually it (the spam) goes away… at least in my experience.

Reply | Quote

I’ve used Mailwasher Pro for several years. It is an application that allows you to pre-screen your email before you download it from the server. There is a free version but the Pro version allows to to check several accounts at once; very useful if you use Outlook or a similar program with several different accounts from different servers. It has SPAM filters but gives you the option of categorizing incoming addresses as spam, blacklisted and friend. Ir also offers the option of “bouncing” mail back to the sender as if the account doesn’t exist.

Hope this helps.

Reply | Quote

… Hope this helps.

Not one bit, sorry.
It has all been said or refuted in previous posts in this thread. Please read them again.

Reply | Quote

A few years back, a small group of developers came up with some modules that worked as a plugin with Thunderbird and other client-side email products–and IIRC, maybe some browser based ones as well). The Blue Frog concept required users to enroll their email address(es) at Blue Frog’s site, whereupon recipients could then forward their spam to a user-specific address at Blue Frog.

Blue Frog collected and analyzed the spam, then through their server-side automated processes, went to each advertised site and once per message reported by its members, without identifying individual members filled out and submitted forms on the merchant site with descriptive messages to advise the merchant that they had–through the spammer they hired–contacted someone who did not want to receive their spam emails. The merchant was also advised that a form would be completed for each instance reported by each member, but they could have their spammer supply Blue Frog with their address list, whereupon Blue Frog would at no charge strip their clientele’s addresses from the list returned to the spammer.

Blue Frog’s popularity grew rapidly, membership running well into 6 figures. Merchants’ began receiving hundreds and thousands of mostly bogus responses per hundred thousand emails sent by their spammer, began to feel the pain they were inflicting via spam (deservedly so), and started getting their spammers to allow Blue Frog to wash their address lists. The effect on members’ spam was dramatic and documented graphically by logging in to Blue Frog’s web site.

Unfortunately–spammers being among the #@(*&#$&% of the Internet that they are–the weaknesses of the design were isolated by a small group of major spammers, and used in retaliation against Blue Frog and its members. Spammers turned their botnets to DDoS-ing Blue Frog’s servers until Blue Frog ran out of resources (server/network capacity and corporate funding/grants) and surrendered (closed down). By comparing cleaned address lists to their originals, spammers deciphered who Blue Frog’s members were, and ramped up their spam campaigns while inserting Blue Frog member addresses into forged “Sender” headers.

Prior to DDoS-ing Blue Frog into oblivion, deciphered member addresses were inconsequential because of the 1-to-1 nature of the merchant-side process. Blue Frog’s servers turned out to be the single point of failure. A few devoted members who also had (limited?) development abilities began a grass roots effort to devise a distributed peer-to-peer version like Blue Frog’s that would amount to too many servers for spammers to DDoS simultaneously (called Purple Toad, was it?), but I’ve lost track of that project although it sure would be nice to see it resurrected.

Reply | Quote

I have this discussion often with my PC customers, who either Want or Need to change their email address.
I always suggest GMail as the safest and easiest to use. It has a pretty good spam filter, that can be added to, by you entering offending email sources in to the filter.
I mainly add the addresses of those persons or places that will not stop sending me HUGE emails, containing video’s or long strings of pictures.

But my own secret to avoiding not only spam but Spybots as well, is to make an address that’s Non Descriptive. That means that it should contain NO actual words or proper names. Something with mixed numbers and letters works best.

I have friends who have put their full name in their email address and they get spam and get their address hijacked by Spybots. It’s a real mess.

Cheers Mates!
The Doctor 😎

Reply | Quote

Wonderful thread! I personally find using something like 10-Minute Mail to be exhausting. I have enough stress in my life, and to me, using one of these temporary email account programs — while their authors perform an honorable service — are just too manic a way to try to address this insidious problem. I say, use the spam filter that comes with your email client, and when spam sneaks through, blacklist the sender, then just delete the email (if not removed by the blacklist step) and get on with your life. And if you get spam that appears to be from a friend or colleague (occassionally, one-and-the-same ;-), let the person know, and after that, it really is that person’s responsibility to deal with it.

One man’s humble opinion.

Have a blessed holiday, everyone!

Reply | Quote

…
Never, ever, ever, ever, NO NEVER put your real name out there, ANYWHERE! Not on email, NOT on any forum, not anywhere that becomes public information. Once they know your name and ISP, they can trace you down to ‘where you live’. That gets extremely dangerous.
…

Good advice, but unfortunately it’s not always possible.

My professional union provides a free mailbox for all its members. So most of my colleagues and myself have an address with a syntax like firstname.name @ our_union.eu and they all, without exception, have at least one public phone number. A spammer only has to check the yellow pages of the online telephone directory to get valid addresses for 70 % of all of my Flemish colleagues.

We’re all highly trained to apply vanguard technology in our field, and sure we can use our professional software. But concerning other software, hardware, internet and its (lack of) security, many are barely better than total dummies and their education proceeds snail-paced. Doubtlessly several have been or still are infected by address-reaping trojans, thus putting us in spam lists. :(:

Especially the last six months I’ve often received spam allegedly sent by myself at myfirstname.myname @ our_union.eu. I’ve been thinking of sending that spam to SpamCop, but I’m afraid they might put *me* in their blacklist. :huh:

Still, an address with your name in it isn’t bad per se. But it’s imperative to use a totally different address for your bona fide correspondents. Meanwhile use the mailbox at your.name.address as a honeypot to collect-and-forget spam. Only don’t let the honeypot exceed its quota, otherwise innocent people would get bounces because spammers spoof their sender-address anyway. And don’t lean out the window …

Reply | Quote

Good advice, but unfortunately it’s not always possible.

Actually I don’t think it is good advice.

It’s advice for the ultra-paranoid person and unless you have specific need to do so [I]which I accept there always are[/I] then whatever form of address you use will or will not see spam.

I have several – like most tech folks – email addy’s. Some have my real name in, some don’t. Some have underscores, etc, some don’t. However, teh amount of spam I receive is no less or more for those with real names than for those with made up ones with ‘extra’ characters. My real name email address has been in use for far longer than any other I have and sees generally less spam on a daily basis than some recent made up ones with random characters to them.

C’est la vie.

By the by – 1. I always thought K9 was a web filter – http://www1.k9webprotection.com/ so have learnt from this thread and
By the by – 2. Most spam I have been led to believe originates in America

Reply | Quote

Mmmmm. Well I have used 1 main email address for nearly 15 years. That one is portable but initially I was naive and got lots of spam. My supplier advised that there wasn’t much to be done except change email address. I didn’t and, after some years the spam to that address has all but expired. I did create a couple of addresses for particular purposes but even they attracted spam even though, in one case at least, the address was only used for totally trusted sites like this one.

I use Norton which has a very good, if sometimes wrong, spam filter. It does though allow emails from particular addresses or domains to be blocked. A much easier version of black and white lists.

A neighbour has just changed ISP and my advice to him was to use ONE address for friends only and others for different purposes. At least his previous ISP address is now dead and the spammers will be blocked and unable to reach him – for now at least. Personally I’d like to find the spammers and show them a noose.

Reply | Quote

Would it be okay to say “I’ll drink to that!” ??

Reply | Quote

Over here in the UK I moderate a local Freegle group (similar to Freecycle in the States) and have seen a number of members’ email addresses being compromised in that they appear to sending spam. In most cases, a simple change of their email password resolved the issue which would indicate a server side problem rather than malware related.

It now appears that another major ISP in the UK has been targeted for a brute force attack so I expect a busy week or so ahead!

http://www.ispreview.co.uk/story/2011/11/23/virgin-media-uk-isp-customers-suffer-brute-force-webmail-hack-and-spam.html

Reply | Quote

Whilst it may be satisfying you run the risk of harrasment afterwards. I’ve heard of a case where the spammer really got a bee in his bonnet, found the phone number, and sent annoying phone calls at all hours just to annoy (& intimidate). Best to ignore & move on. That being said I do enjoy many of the inventive hoax emails & so regularly browse the spam box for a laugh.

Reply | Quote

If you make any kind of reply to a spammer, you are only telling them that they have found a live address, which could then get passed on to other spammers. Far better to ignore, and to use a good server based filter (I use MailWasher) to delete the rubbish before it is downloaded.

Reply | Quote

The spammers send out thousands of e-mails at a time and do not have the time or care about any replies. Also unsubscribe links just lets them know they got a real person. They can also tell when you have opened the message by the graphics that you see or using a one pixel graphic.

I have a dozen e-mail accounts and so I use MailWasher (mailwasher.net) to filter out any unwanted messages before I check them online or with Thunderbird. With MailWasher you can bounce the message back to the sender (even if it looks like you sent it to yourself) so it looks like it was sent to a bad e-mail address. MailWasher has a training filter to help catch new spam from the same sender. I rarely have it flag a good e-mail. You can also preview the message to double check it.

Reply | Quote

Thanks guys for your replies.

Concerning my questions in my OP, I conclude that trying to take down actual spammers is extremely complex and would require excessively much time and effort for very little result. So I’ll just continue to rely on my ISP’s server-side filter and my own local K9 anti-spam proxy, which together manage quite well, considering that only two or three spams per week reach my Inbox.

As for advice on how to limit/avoid spam, I already know almost all the tricks you recommend and even one more.

If a (shady) site you don’t fully trust requires a valid E-mail address before granting your request (download or purchase or forum-subscription), don’t hand it over but use 10 Minute Mail instead. There are many more of those mentioned at moreofit.com

Reply | Quote

… With MailWasher you can bounce the message back to the sender (even if it looks like you sent it to yourself) so it looks like it was sent to a bad e-mail address. …

Mailwasher themselves say NOT to use the bounce feature against spam. There are many reasons not to, and they talk about one on their website.
It is easy to come up with a few more, like the utter uselessness of bounces (sender addresses are almost never monitored for bounces by the sender), or verifying your address as deliverable.

The proper way to make your address look like undeliverable would be to return a failed-type status code (5xx) to the sending server while the transmission is taking place. This is called a REJECT and signifies an undeliverable address, at least from that source (when the receiving server uses a blackhole list), and/or with that content (when the server employs content filtering; this is rare).

All this requires that the sender cares. Evidence to the contrary is overwhelming; addresses which have been nonexistent for a decade, still receive spam today if re-created. The only thing that could actually kill all spam would be for people to suddenly become smart (fat chance!) and stop visiting spamvertised pages or buying spamvertised products, as per The Boulder Pledge.

Reply | Quote

Everyone here makes excellent points, but with all due respect the discussion is simply wasting your valuable time. Any email address will receive spam sooner or later; there’s software out there to generate every possible combination of characters @ every possible domain, and “zombie” networks of virus-infected domestic computers that will relay emails from their local ISP address, although the emails originate elsewhere in the world. Tracing the source of a spam is difficult if not impossible, and trying to harm the spammer by responding in any way is adding to the huge volume of unproductive traffic that slows down net speeds across the globe.

Spam exists, like adverse weather in the real world. Best thing to do is protect yourself as much as you can, try not to be foolish – like sheltering under a tree in a thunderstorm, replying to spam is not a good thing – and rely on the fact that ISPs aren’t totally unaware that their web capacity is being abused.

There are measures in place to stop excessive traffic from any given source (that’s why spammers developed distributed zombie networks) plus other checks that no-one is going discuss publicly because that helps you-know-who. Some countries from which spammers operate aren’t always bothered about matters which inconvenience others outside their borders, so even corporate or government action can’t ultimately stop the traffic. The true perpetrators stay well hidden and are largely immune from technical or legal retaliation.

I was an “acceptable use” manager at one of the national ISPs for some time – the “spam czar” – so I know wherof I speak. I use Mailwasher – have for many years – and my spam is less than 5 per day. I can see it, delete it and get on with my life in far less time than it took me to write this response!

Reply | Quote

… With MailWasher you can bounce the message back to the sender (even if it looks like you sent it to yourself) so it looks like it was sent to a bad e-mail address. …

I would recommend against using the Mailwasher bounce feature.
That bounce is NOT sent by a mailserver but *by your machine*, just like a regular E-mail. The difference is visible in the headers where the IP-addresses are shown.

A Mailwash bounce actually confirms the validity of your address. NOT 😎

Here is why (an old post but still applicable, I think).

Here are some statistics about spam, from not so long ago (15 DEC 2009).

You can read much more about Mailwasher and spam in general in a GRC newsgroup (Steve Gibson’s newsgroups server) (access and optional registration are free), going back to 2002:
The GRC’s NNTP server is: news.grc.com
The newsgroup is: grc.spam

Edit: When I sent this post I hadn’t yet seen the one immediately above. :blush:

Reply | Quote

At one point in time, some years ago now, I set my 3rd party firewall to log every hack attack and notify me.
I was getting so many attacks that I had to turn the notifier OFF. I was getting as many as ten per minute.
When I did a trace on them, 90% were coming from China.

I can only imagine that most of the spam is coming from there too. The spam that’s really hard to control is that
which comes addressed to you from a friends email address. You don’t want to block your friends address, which is really pretty easy,
at least with GMail, so you just let them know that they’re email address has been hijacked.

Here is an email that I got from a friend, just a few days ago. Of course, he didn’t send it. But his big mistake was putting his whole name in his email address.

hi…
I had tried everything finding this was the greatest thing thats ever happened my success was effortless just think of all the possibilities
http://kirk****.ro/profile/83ColinMorgan/
goodbye

My friend would never send an email like that….with such a total lack of punctuation, so I knew at once it was from a ‘Spybot’.

I had him create a new and nondescript GMail address and I’m putting his old email address in my Block Sender list, at Google.

That’s the second email I’ve gotten from the same location, but with different sender’s email addresses.

It’s easy for hijackers to pilfer an email address when it has a person’s name or common words in it. But it’s a lot harder when an address is totally nondescript….. like zcxtmpg2012@anymail.com

The next time you set up an email address for yourself or family member, remember to keep the address as totally nondescript as possible.

Cheers Mates and Merry Christmas

The Doctor 😎

Reply | Quote

The spammers send out thousands of e-mails at a time and do not have the time or care about any replies. Also unsubscribe links just lets them know they got a real person. They can also tell when you have opened the message by the graphics that you see or using a one pixel graphic.

According to David Pogue, clicking on unsubscribe links is now pretty reliable. See his Sept. 1 blog in the New York Times: http://pogue.blogs.nytimes.com/2011/09/01/rethinking-the-never-unsubscribe-rule-for-spam/

Reply | Quote

According to David Pogue, clicking on unsubscribe links is now pretty reliable. See his Sept. 1 blog in the New York Times: http://pogue.blogs.nytimes.com/2011/09/01/rethinking-the-never-unsubscribe-rule-for-spam/

He recommends that if you received mail through Constant Contact, a company that many small businesses use to manage their customer emails, you can trust the “Safe Unsubscribe” button. And there are other legitimate mass mailing companies that respect your wishes. But there still are too many “fake” unsubscribe links to recommend just clicking anything.

Reply | Quote

… use a good server based filter (I use MailWasher) to delete the rubbish before it is downloaded.

I beg to differ.

Mailwasher (either Free or Pro) is NOT server-side. It is installed locally on *your* computer.

K9 vs Mailwasher Pro:
K9 is free, but it only works with pop3 mail.

K9 vs Mailwasher Free:
K9 handles multiple mailboxes and adresses, it has no ads or banners, it needs no updates at all; it too can instruct your mail-server to delete the mails you select.

BTW. SpamAssassin is a server-side spamfilter.

Reply | Quote

… Now, I use only GMail, where they have a pretty good Spam Filter, and I can add email addresses to the list of spammers, in the Filters section. …

I use 2 Gmail + 1 AOL addresses. …

DrWho (#8 above) has the ticket: GMail has an excellent filter (what used to be Postini, I believe) …

A bit off topic, sorry.

Granted that Gmail blocks spam very well. I don’t doubt that.

But I don’t fully trust Google to tracelessly erase from their mail-server the mails I want deleted.

I could of course encrypt my outgoing Gmails but that would be a hassle for recipients and my received Gmails would still be in the clear.

Reply | Quote

… (I use MailWasher) to delete the rubbish before it is downloaded.

That used to be an issue in the days of 56 kbps (or less) dial-up and 1 GB (or less) hard disk drives (1996).

But now with 50 mbps bandwith and terabyte HDDs it hardly matters. Whether you delete spam on the server with Mailwasher or K9, or through webmail or locally after downloading, makes very little difference, considering the fact that spam is rarely larger than 100 KB or so and usually between 1 and 25 KB.

Remember that to read the mail directly on the server you have to actually download it first to a temporary cache. How else could you possibly read it?

Reply | Quote

I have two business sites and one personal, with around eleven addresses, so I am fairly protective of my domains and addresses. I use MailWasher and report via SpamCop; it keeps my spam down to about three a day- an acceptable level.

Edit: I never use the Bounce feature in MailWasher EXCEPT when one of my friends forwards an Urban Legend, Internet Rumor or This Is [Unbelievable/True/Outrageous/Fw:Fw:Fw:] emails. They respond by checking with me about the bounce and I explain that I’ve configured my mail servers to bounce all of those idiotic emails… they stop sending me them 🙂

Edit 2: The Russian Spammer Murder? Another Hoax.

Reply | Quote

Remember that to read the mail directly on the server you have to actually download it first to a temporary cache. How else could you possibly read it?

Back in 2005 PC Magazine offered a utility called MailCall, which I still use:
http://www.pcmag.com/article2/0,2817,18206,00.asp
It allows you to design filters which announce different categories of email from your server, view their headers, delete them on the server, or filter them completely.

Along with my personal domain addresses, public email accounts, and ISP filters I am down to a couple of SPAMs a month.

But you all are sure a wealth of info in today’s web world and I appreciate everything I read here. thanks.

Reply | Quote

If you make any kind of reply to a spammer, you are only telling them that they have found a live address, which could then get passed on to other spammers. Far better to ignore, and to use a good server based filter (I use MailWasher) to delete the rubbish before it is downloaded.

According to David Pogue, this no longer is so true. See his Sept. 1 blog in the New York Times: http://pogue.blogs.nytimes.com/2011/09/01/rethinking-the-never-unsubscribe-rule-for-spam/

Reply | Quote

… I do enjoy many of the inventive hoax emails & so regularly browse the spam box for a laugh.

At first this guy wasn’t laughing, but I guess he is now.

Reply | Quote

Off down a different road, called “prevention”……

I have lately received spam, supposedly from two different friends of mine. When I emailed them back asking them if they had sent me the mail, of course they said NO!

The two people are half a continent apart, but they have one horrifying thing in common……they both have their full name for an email address.
I’m not talking behind their backs, when I say this, “That is SOOOOOO STUUUUUUPID!” because I’ve already said it to them personally.
Never, ever, ever, ever, NO NEVER put your real name out there, ANYWHERE! Not on email, NOT on any forum, not anywhere that becomes public information. Once they know your name and ISP, they can trace you down to ‘where you live’. That gets extremely dangerous.

For the greatest safety for you and your entire family, email addresses should be totally NON-Descript. (containing NO real words)
And, for the greatest safety, don’t use the email address that came with your internet connection. (ISP)
An address at GMail or Yahoo, gives no indication of whether you’re in one country or another.
The address you use when communicating with friends and family should also be different than one you use when registering for a newsletter, or signing up for a new forum, etc. Yahoo makes a good place for a throw-away email address.

Stay Safe & Happy Holidays!
😎

Reply | Quote

DrWho (#8 above) has the ticket: GMail has an excellent filter (what used to be Postini, I believe), and if you combine that with a nonsensical and sufficiently long user name that incorporates a couple of hyphens, periods, or underscores (something that brute force address generators aren’t going to produce) you’re pretty much golden.;) (Needless to say, you want to maintain a “garbage” @yahoo.com or @hotmail.com account exclusively for posting to blogs and other web sites.)

The only spam I’ve seen, since going that route, is from friends whose address books have been hijacked. That crap is rare, and easy to spot (when in doubt, a look at the header erases any doubt.)

Retaliation is tempting, but the chances of actually identifying your target are slim — and even if you succeed, at best you’re going to succeed in annoying a scumbag criminal.:mellow: If you get to that point, it’s wiser to advise the relevant authorities, hope they aren’t part of the problem, and get on with your life.

Reply | Quote

I seem to recall of a problem with a spammer in Russia a couple of years back who was flooding Russians with spam. Their solution was a bullet in the head. A bit extreme I agree.

Reply | Quote

I do not receive ANY spam – with two exceptions: (I am using most of the measures outlined by Dr. Who plus a few additional tactics such as temporary emails, multiple emails for different purposes [private, business, subscriptions, etc] and forwarding emails from multiple addresses to “aggregator addresses” )
1. The computer of an associate who was on my white-list got compromised and was used to send out spam.
2. Some spammer in Eastern Europe sent out his spam and forged an email address at one of MY domains as the return address. As a result, I received lots of angry emails complaining about spam that I had not sent out and knew nothing about.
I do not believe automated measures would have helped in either case.
In case number two, I ended up “suspending” my account by setting up an automatic “out-of-office reply” that explained the circumstances to the irate complainers and re-directed them to my website for additional information.
I am reasonably sure that those irate complainers did not feel very proud about their vitriolic complaints once they found out I had not sent the offending messages.

Reply | Quote

Try using Mailwasher to select which senders you want on you friends list and spammers to the blacklist. You can also bounce the spam within Mailwasher. Mailwasher allows you to see message from and subject letting make a decision befor opening the message.

Reply | Quote

Try using Mailwasher to select which senders you want on you friends list and spammers to the blacklist. You can also bounce the spam within Mailwasher.

For the reasons described in other posts in this thread, do NOT bounce mail from Mailwasher. Most likely you will be tormenting an innocent person whose address was forged by the spammer.

Reply | Quote

When I was young and foolish, lol, and in the early days of the internet before spam filters became as efficient as they are now, I took personal offense to those few early pieces of junk and became acquainted with a variety of tools that taught me how to read headers, determine the original isp, whois was more anti-spam oriented then it is now, and there were, probably still are sites devoted to tracking down and punishing the offenders. I would report dutifully to the FTC, I’d send a copy of the original email to the webmaster of the originating isp – most of which were Australia or Japan back then. But as filters have improved, I have mellowed. I have never had a virus or piece of malware make it to any machine I’ve ever used, so that wasn’t it. It was more of a righteous feeling. Which I eventually realized did not serve me. The flow never stopped. I did get the occasional thank you and “we have terminated that account” email back, but it was a hollow victory. So I gave all that up a long time ago, now I check the folder am amused by the letters from the New York Department of Motor Vehicles demanding I open and fill out their attachment and pay my fine – since I’ve never driven in New York I am not much worried about that. I have always known that there was no email tracking program and that Bill Gates was NEVER going to give me anything and I am sure the Director of the FBI isn’t worried about the poor English his minions use while demanding I open their attachments. Amusement, not annoyance. You can’t really retaliate unless you are yourself a hacker capable of unleashing denial of service attacks against offending isps in Russia. I wouldn’t advise that anyway, I hear they have a nasty mob over there. So just check your folder once in a while to be sure nothing real slips in there, I haven’t had a piece of junk land in my actual mailbox in years. I find them silly and just a little bit sad. And just yesterday I got the first Nigerian scam letter I’ve gotten in years, though I was tempted to pick up my 375,000 check, I decided I’d let them keep it, they’re poor over there and can use the money. That doesn’t exist. :^)

Reply | Quote

Here’s another known approach that probably won’t eliminate all your spam, but might give you a possible target for retaliation, at least in some cases.

FIrst, get your own domain name (let’s call it mydomain.com). Get hosting that allows a large (or unlimited) number of email addresses. If this is impractical, you can set up catch-all forwarding, so that any email to your domain still reaches you, even if the addresses are invalid.

Next, any time you give anyone your email address, you make up an personalized email address for them to contact you. Example: buy something from Widgets-R-us? Tell them that your email address is no_spam_from_Widgets-R-us@mydomain.com.

Do this with everyone, or at least everyone with a business presence.

If you start getting spam directed to no_spam_from_Widgets-R-us, and you never used the address for any other purpose, then unless you were seriously hacked, chances are that Widgets-R-us improperly disclosed your email address to a third party. Of course, you have to be fastidious about checking privacy policies, opting out properly, etc., but if you manage this carefully, you’ll have a nice trail of breadcrumbs leading to the original source of the problem.

Reply | Quote

Porsche
I just knew there must be someone else who does this:D. But now you have spilled the beans…

🍻

Just because you don't know where you are going doesn't mean any road will get you there.

Reply | Quote

A few months ago, when I didn’t have much else to do, I thought I’d start retaliating against junk mail. The following method will only work if the sender identified is an e-mail marketing company with identifiable corporate headquarters. I live in France, which has laws requiring such companies to provide a genuine “unsubscribe” option (but who says they don’t sell on your address…?)

I opened the junk mail message and made sure all headers were displayed. I then located the URL that seemed to be sending the mail. I put this URL through http://bgp.he.net/ (and others) to see where it was coming from. If this turns out to be an ISP like Comcast or whoever, all you can do is complain to the ISP. Often however, it will track back to a company using their own servers.

Next, go to that company’s website. The home page will usually be offering e-mail marketing services etc. Try to find the page to sign up for their services as if you were a potential client. This may give you an e-mail address (info@xyz.com or something). Then send a mail to that address asking them to stop sending you junk mail and SET A RETURN RECEIPT.

In a few days you’ll receive back return receipts showing the names and e-mail addressing structure of the employees at that company who have read the mail. You now have some addresses to work with… [evil grin]

The next alternative step is to find out who the head honcho is by looking up the company on the companies registry. You can either call the guy and complain or send him a mail (using the e-mail addressing structure revealed by the earlier mails).

Either way, you now feel empowered to do whatever you want to do. I have contacted a number of companies this way and they have removed my addresses from their databases.

Like the gentleman who doesn’t lean out of windows, I use K9 and like it a lot. If you want a failsafe (but not free) alternative, there’s Mailinblack. This company intercepts your mail and only passes on what you decide is valid.

I have never been infected by any mail links/attachments because I follow the standard advice and trash anything that looks fishy. In the end, using common sense is a good start.

Reply | Quote

… Like the gentleman who doesn’t lean out of windows, I use K9 and like it a lot. …

Hi Marp,

Nice to finally have someone confirm K9’s usefulness.

As for UNsubscribing, that seems to work with European companies and organisations. But I’m getting unsolicited advertising from a Chinese manufacturing company. Their mails don’t have an unsubscribe link and their website has a flaming red WOT score. Moreover, if I were to send a cease & desist E-mail, who’s to say their employees would read and understand English, let alone comply? What to do in such a case?

I suspect the easiest solution is to just continue to have K9 filter and divert their spam.

BTW. I only avoid leaning out of *train* windows!

Reply | Quote

It would take 2-3 years to teach most of my friends how to manage the system you describe, then I would need to start over again. Mine is similar but I have only 5-6 email accounts and use ThunderBird, essentially the same thing as SeaMonkey.
You are correct in that it makes more sence to block/avoid spam than to attempt to prevent it from the users point of things. I believe it is better for ISP’s to atempt to prevent it because of the band width used by spam when totaled up.
I like my Spam thinly sliced and fried in butter.

Reply | Quote

down under ( australia) its illegal for a business to send you spam, i have already reported and seen them prosicuted, fined and shut down for spamming, its about time other countries passed the same laws as we have…ESPECIALLY AMERICA where free speech allows anyone to send anything they like to anyone of any age…. grrrr wake up world its not free speach its free criminal actions you allow

Reply | Quote