rec.sport.triathlon
rec.sport.swimming
rec.ponds
rec.aquaria.marine.reefs

Mail is being returned to me because it contains a virus, mail that
supposedly COMES FROM ME. I looked up a few names that I'm supposedly
sending infested mail to and they are on the four newsgroups that I
occasionally frequent. There are not many being returned, but I imagine
there are many more being received. Of course, everyone knows better
than to open any attachments and I definitely have not done so, so I
don't know how this happened. If your mail appears to be from me, it is
NOT. Toss it. I have also received similar wormy notes from some of
you who I definitely know would not send such slimy stuff.

Ruth Kazez

If the email address in your header is real, you may want to consider
putting a fake one in there, or "munging" it. There are automated
bots on USENET that harvest email addresses.

--

billy
--
Need tech help?
news://news.winextra.com
"rtk" > wrote in message
...
|

Thanks. I did mess it up, tried answering myself, and happily received
nothing. I got one of those fake wormy things supposedly from Marc, of
all people. I would imagine everyone did. There's an especially slimy
*troller* (troller sounds too playful for this kind of evil) here on
ramr who does a lot of that sort of thing.

ruth k

Dinky wrote:
> If the email address in your header is real, you may want to consider
> putting a fake one in there, or "munging" it. There are automated
> bots on USENET that harvest email addresses.
>

I run virus scans daily, and there is no way a worm or any other virus is being
transmitted by my system.

Marc

rtk wrote:

> Thanks. I did mess it up, tried answering myself, and happily received
> nothing. I got one of those fake wormy things supposedly from Marc, of
> all people. I would imagine everyone did. There's an especially slimy
> *troller* (troller sounds too playful for this kind of evil) here on
> ramr who does a lot of that sort of thing.
>
> ruth k
>
> Dinky wrote:
> > If the email address in your header is real, you may want to consider
> > putting a fake one in there, or "munging" it. There are automated
> > bots on USENET that harvest email addresses.
> >

--
Personal Page: http://www.sparklingfloorservice.com/oanda/index.html
Business Page: http://www.sparklingfloorservice.com
Marine Hobbyist: http://www.melevsreef.com

"""Of course, everyone knows better than to open any attachments and I
definitely have not done so"""

Opening attachements is no longer a requirement for delivery of a virus,
see:

http://story.news.yahoo.com/news?tmpl=story&cid=620&e=1&u=/nf/20040319/bs_nf/23458



"rtk" > wrote in message
...
> rec.sport.triathlon
> rec.sport.swimming
> rec.ponds
> rec.aquaria.marine.reefs
>
> Mail is being returned to me because it contains a virus, mail that
> supposedly COMES FROM ME. I looked up a few names that I'm supposedly
> sending infested mail to and they are on the four newsgroups that I
> occasionally frequent. There are not many being returned, but I imagine
> there are many more being received. Of course, everyone knows better
> than to open any attachments and I definitely have not done so, so I
> don't know how this happened. If your mail appears to be from me, it is
> NOT. Toss it. I have also received similar wormy notes from some of
> you who I definitely know would not send such slimy stuff.
>
> Ruth Kazez
>

Marc Levenson wrote:

> I run virus scans daily, and there is no way a worm or any other virus is being
> transmitted by my system.

So do I. Also, I use a Mac and couldn't open an exe file if I wanted
to, but as Chris Taylor pointed to:

http://story.news.yahoo.com/news?tmpl=story&cid=620&e=1&u=/nf/20040319/bs_nf/23458

I no longer even have to open an attachment to have my name lifted and
dropped in the From line of any garbage. Very annoying.

Ruth Kazez

Hi Marc

We LOG everything that goes out the wire!
No e-mail left my computer, yet I got a little over 200 bounced mail
notices in my inbox one day.
I often get spam with my own adr in the from field.
I do NOT have any address lists in my computer in places where bots
look for them.
Obviously some spam got through to angry folks I don't even know as I
received e-mails from them for spamming.
I forwarded many of them to my ISP and he looked at a part of the
headers I assume my program does not allow.
He tracked down their source and blocked anything from that source
through his system, just as he does most other spammers.

I was told a few months ago, whether it be true or not I don't know,
that many ISPs are verifying source before distributing mail to their
clients. Although I have access to a spamproof mail server I don't
use it, yet my junk mail has dropped to less than 1/4 of what it was a
month ago.
But nonetheless, what spam does come in goes straight to trash, less
than 1% squeezes through the cracks.

A filter trick you may like to use yourself is to filter to trash all
e-mail that contains characters above 0191. I also filter most
keyboard punctuation characters that are normally used only by
spammers.
Most legit e-mail does not contain a bar symbol, tilde's, or
characters above 0191, etc. Unless you expect unusual international
e-mail.

If a period is not followed by a space, or actually if a period is
followed by a standard character, it is filtered to trash. A good
majority of spammers use a period to separate words. But in normal
usage a period is most often followed by a space or two. Except in
numbers of course. So if you filter a . followed by the wildcard for
character not numeral, you will eliminate more than 2/3 of the spam
you receive with only one filter entry.

TTUL
Gary

Wow, thanks for the article. GEEZE!!!!

If they have a version of MailWasher Pro for your Mac, you should use it. It views
the Email at the server rather than on your own computer. After you delete all the
garbage (bouncing it back as undeliverable), you only download the email you want to
read and/or reply to.

Marc

rtk wrote:

> Marc Levenson wrote:
>
> > I run virus scans daily, and there is no way a worm or any other virus is being
> > transmitted by my system.
>
> So do I. Also, I use a Mac and couldn't open an exe file if I wanted
> to, but as Chris Taylor pointed to:
>
> http://story.news.yahoo.com/news?tmpl=story&cid=620&e=1&u=/nf/20040319/bs_nf/23458
>
> I no longer even have to open an attachment to have my name lifted and
> dropped in the From line of any garbage. Very annoying.
>
> Ruth Kazez

--
Personal Page: http://www.sparklingfloorservice.com/oanda/index.html
Business Page: http://www.sparklingfloorservice.com
Marine Hobbyist: http://www.melevsreef.com

Your filters sounds excellent. I've got some pretty convoluted ones myself, and
for a while there one guy simply could not penetrate my fortress of security.
LOL

I'm going to look at what little bit of junk continues to survive the process
and see if some of your suggestions need to be implemented as well. Thanks.

Marc


"Gary V. Deutschmann, Sr." wrote:

> Hi Marc
>
> We LOG everything that goes out the wire!
> No e-mail left my computer, yet I got a little over 200 bounced mail
> notices in my inbox one day.
> I often get spam with my own adr in the from field.
> I do NOT have any address lists in my computer in places where bots
> look for them.
> Obviously some spam got through to angry folks I don't even know as I
> received e-mails from them for spamming.
> I forwarded many of them to my ISP and he looked at a part of the
> headers I assume my program does not allow.
> He tracked down their source and blocked anything from that source
> through his system, just as he does most other spammers.
>
> I was told a few months ago, whether it be true or not I don't know,
> that many ISPs are verifying source before distributing mail to their
> clients. Although I have access to a spamproof mail server I don't
> use it, yet my junk mail has dropped to less than 1/4 of what it was a
> month ago.
> But nonetheless, what spam does come in goes straight to trash, less
> than 1% squeezes through the cracks.
>
> A filter trick you may like to use yourself is to filter to trash all
> e-mail that contains characters above 0191. I also filter most
> keyboard punctuation characters that are normally used only by
> spammers.
> Most legit e-mail does not contain a bar symbol, tilde's, or
> characters above 0191, etc. Unless you expect unusual international
> e-mail.
>
> If a period is not followed by a space, or actually if a period is
> followed by a standard character, it is filtered to trash. A good
> majority of spammers use a period to separate words. But in normal
> usage a period is most often followed by a space or two. Except in
> numbers of course. So if you filter a . followed by the wildcard for
> character not numeral, you will eliminate more than 2/3 of the spam
> you receive with only one filter entry.
>
> TTUL
> Gary

--
Personal Page: http://www.sparklingfloorservice.com/oanda/index.html
Business Page: http://www.sparklingfloorservice.com
Marine Hobbyist: http://www.melevsreef.com

Hi Marc

At one time I was naive enough to think that filtering fraudulent
domains would suffice. But these jokers make them up by the millions
and I couldn't keep up with them all.

Using certain characters in your filter set, such as ~ ` @ # $ % * + |
^ knocks out a very high percentage of spam. These characters are not
usually used in the Subject line of most legit e-mails.

You can make a friends list of sorts, by filtering known acquaintences
to a different inbox folder. Or if your a business, supply a filter
code to them that they should put in the subject line. My filters
look for a simple 4 letter code first and if found, moves that inbound
mail into a client mailbox. Saves me tons of time and trouble.

If your filter system allows double or triple options, you can also
include the period. In option one it looks for a period, in option
two it looks for a whitespace. If a whitespace is NOT found, it goes
to option three and looks for a numerical character. If a numerical
character is found the mail goes to trash.

In my filter system using only two options, option one looks for a
period, if found it checks option two. If option 2 is either a
whitespace OR a numerical character, it goes to inbox, else it goes to
trash.

My filters check the FROM field and if it finds my own adr it dumps to
trash.
As a secondary backup to the above, after it finds my own adr, it then
checks option two, which looks to see if the screen name is different
than my own. If NOT blank and is different, it dumps to trash.

Blank subject lines are common as are glibbledy glock screen names.
I do filter 4 to 6 letters in sequence that are not common adrs and
often used by spammers, EG: zxcv, xcvb, cvbn, vbnm, etc. If you watch
the headers of the spam that does eke through, don't use the whole adr
before the @ symbol and don't use the @ symbol in your filter, just
the sequence of letters and try to use only 4 of them or 6 if you find
you could be filtering out wanted mail.

Of the 130 to 200 spam mails I get per day, only about 1 to 3 squeek
through the filters, and I often analyze them to see why. Normally I
will block the sending domain it originated from. Not all filters
allow blocking certain header information. And not all readers show
the full and complete headers.
It's fairly easy to set a filter for characters above 0191 by using
the twin option and setting them as a range of characters.

TTUL
Gary