[LINK] spam question

Adam Todd at@ah.net
Sat, 13 Oct 2001 11:04:41 +1000


At 07:16 13/10/01 +1000, Jan Whitaker wrote:
>I'm scratching my head.  Each day I'm receiving more spam, and not just 
>the stupid Nigeria/Lagos/Sierra Leone/next African nation money scam, but 
>lots of e-tail stuff in ridiculous HTML, sometimes with links to the web 
>embedded, etc etc.

It's getting bigger huh!  I clean out about 80 to 90 messages a day.  It's 
funny you should mention this too, because earlier in the week someone 
posted a news article (Tony B I think) about Email and Web ads failing now 
because consumers just ignore it.

>The quandary is that everyone who has thought about this invasion says to 
>NOT reply, despite the invitation to do so on these posts because that 
>verifies the address.

DO NOT REPLY.  In fact, if you can avoid it, do NOT even VIEW the HTML.

Those little web bugs are really smart.  I was looking at one the other 
day, it has an encrypted (loosely) string in the html, when you VIEW the 
message, it tells the server via a very smart CGI, that you have READ the 
message.  Thus your e-mail address works.  Then the number of messages 
increases from a wider variety of places.

Unfortunately for the "average" user, they can't easily pre-scan their mail.

I'm actually considering an AUTO BOUNCE message at the SMTP point of 
delivery that simply rejects anything with X-html in it, at least to me.

>And if you read the fine print under the US legislation that is often 
>quoted, they justify doing this spam because the law says they can if they 
>put this opt-out option on the piece, NOT that they actually take you off 
>the list.

But they do take you off "the one" list that was used "the one time" for 
the "one announcement" and then add you to 500 more lists.

>So, short of mail bombing the sender from a hotmail address in 
>retaliation, does anyone have any advice?

Read your subject headers, if they look "unusual" or "unexpected" move the 
message to a "holding" folder and leave it there.  Do NOT open it.  Do NOT 
preview it.  If you can, save them as ASCII to a file and view the ASCII 
using notepad or some other viewer, but do NOT open the message in anything 
that has ACTIVE HTML in it.

If someone is trying to e-mail you, they will send you a message again in a 
few days with a different subject (normally).  I rarely miss any these days 
which is good.

Filtering is your friend, use LOTS of filters to pull out everything you're 
expecting.  You can almost always as a "last" filter, put everything from 
hotmail, yahoo etc into a HOLDING folder for later review.  If you know 
people who use these, then add their addresses earlier in your filters and 
put them into their own folder or into a "friends" folder.

>When it was text mail, delete was acceptable, but now it's getting nasty.

Web Bugs :)  I got one the other day, fortunately on an email address that 
is "faked" anyway, so I thought I'd test it.  Read the message, viewed the 
source, sussed out the CGI, (which I broke into and actually gained access 
to the source code BTW with no effort at all) and the next day - 30 new 
messages to that address.

The address has since been deleted so it's now non-existent.

The other suggestion I have is use a product like MyName 
http://myname.inau.com/  where you can set up a unique email address for 
everyone you deal with that then delivers all the mail into your one mail 
box.  I have hundreds:

telstra-sales@todd ...
integral@todd
ewon@todd
link@todd
isp-aus@todd
interop@todd   (which was deleted recently because they sold it to
                 informix who then bombarded me with irrelevant material
                 about things I have no interest in.)

I think you get the picture :)
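
Added example, not part of the original post: one way to do the "pre-scan" discussed above, listing what a message's HTML part would fetch automatically if it were rendered, without rendering it. The sample message, its hosts and token, and the 1x1 size heuristic are constructed assumptions.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (hypothetical hosts and token, not from any real mail).
SAMPLE = """\
From: offers@shop.example
To: reader@home.example
Subject: Big savings
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body><p>Sale now on!</p>
<img src="http://track.example/cgi-bin/open.cgi?id=cmVhZGVyQGhvbWU" width="1" height="1">
<img src="cid:logo123">
<a href="http://shop.example/sale">Shop</a>
</body></html>
"""

# Tag/attribute pairs that a mail client fetches automatically when it renders HTML.
AUTO_FETCH = {("img", "src"), ("iframe", "src"), ("script", "src"),
              ("link", "href"), ("body", "background"), ("table", "background")}

class RemoteRefs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        for name, value in attrs:
            url = urlsplit((value or "").strip())
            # cid: and data: references travel inside the message, so skip them;
            # links (<a href>) are only fetched on a click, so they are not listed.
            if (tag, name) in AUTO_FETCH and url.scheme in ("http", "https"):
                tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
                self.found.append({"url": value.strip(), "host": url.hostname,
                                   "has_token": bool(url.query), "tiny": tiny})

def find_web_bugs(raw_message):
    """Return auto-loaded remote references found in every text/html part."""
    msg = message_from_string(raw_message, policy=default)
    parser = RemoteRefs()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_content())
    return parser.found
if __name__ == "__main__":
    print(find_web_bugs(SAMPLE))
```

A message with any entry in the result is a candidate for the "holding" folder; one with both has_token and tiny set matches the read-confirmation pattern described in the post.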