Stock tip spam emails?

I've been getting daily spam emails from someone giving stockmarket tips. Each email recommends one stock. Although each email is obviously coming from the same spammer (since the formats are identical), each email appears to be coming from a different email address. I presume the sender is using some spamming software that sends via other people's email addresses somehow.

Does anyone know who this is and how to stop the spam? Obviously blocking one email address is useless since each time it comes from a different email address!

Thanks,

Al D

Reply to
Al Deveron
Loading thread data ...

lot of talk on the net about this, here's one article (which reckons this makes up 30% of spam ATM)

Its difficult to get rid of it automagically. The main way is to only accept messages from sources whose email address is in your address book.

Reply to
Tumbleweed

p.s I saw an analysis that reckons that the average profit from each scammed stock is $1M! What annoys me is NOT the spammers, but the morons that buy the stock, the blue tablets, etc.

Reply to
Tumbleweed

Hmm... Thanks for the suggestion, but that would be impractical in my case. I think I'll have to put up with it. If it multiplies, I'll have to change my email address. That means reconfiguring scripts and notifying a lot of people, but it's probably the only way.

Al D

Reply to
Al Deveron

email addresses are the easiest things to forge. Although SPF is a new system that may fix the p.roblem

Unlikely, as there's to many ISPs that allow spammer to ply their trade.

It's too late now but -

1) Don't use your ISPs email as it prevents you easily changing ISP.

2) Don't give you address to non UK commercial organisations, use the free Sneakmail redirection service.

3) Giving you email address to UK organisations is OK as they have to abide by the data protection act.

4) Ask you ISP if they use SPF and if not, why not.

Who is your email provider ? They don't sound very good. I released a Sneakmail address on this forum to see the level of spam and Hotmail puts about 99% straight in the junk mail folder, so I never get to see it.

There's loads of guides on tracking the source of spam emails.

Daytona

Reply to
Daytona

Yes, I'm getting these at the rate of no more than one a day. The sending e-mail addresses seem to be of the form jumbleofletters@apparentlyinnocentsite ( eg snipped-for-privacy@franchecomte.com). Whether they have just spoofed the address or have hijacked the site to send mail I've no idea.

At the moment they are not frequent enough to bother me, being just about the only junk mail I get.

Reply to
dtren

How about something like Mailwasher - if you don't expect to receive mail from unknown people from latin america / asia-pacific region, block those IP ranges automatically if they appear anywhere in the email header...

Three simple filters and a blacklist of country codes I don't expect to get email from currently block just on 50% of all my spam (of which I get around 250 per day across several accounts, down from 580 per day) - my other filters take out about 45-47% of the remainder (i`ve got something like a 95-97% spam markup rate).

If you have dealings with a particular company in one of the "blocked" areas, simply add their domain to the "friends" list.

I'll post my APNIC / LACNIC filters here, and can post my country blocklist if necessary - I have just under 100 on there, with some specific known spamming domains named.

(reform the lines so each "enabled" line is a new seperate line when line wrap is switched off)

[enabled],"APNIC 1","APNIC 1",8388863,OR,Delete,EntireHeader,containsRE, (\(|\[)58.,EntireHeader,containsRE,(\(|\[)59.,EntireHeader,containsRE, (\(|\[)60.,EntireHeader,containsRE,(\(|\[)61.,EntireHeader,containsRE, (\(|\[)121.,EntireHeader,containsRE,(\(|\[)122.,EntireHeader,containsRE, (\(|\[)123.,EntireHeader,containsRE,(\(|\[)124.,EntireHeader,containsRE, (\(|\[)125.,EntireHeader,containsRE,(\(|\[)126. [enabled],"APNIC 2","APNIC 2",8388863,OR,Delete,EntireHeader,containsRE, (\(|\[)202.,EntireHeader,containsRE,(\(|\[)203.,EntireHeader,containsRE, (\(|\[)210.,EntireHeader,containsRE,(\(|\[)211.,EntireHeader,containsRE, (\(|\[)218.,EntireHeader,containsRE,(\(|\[)219.,EntireHeader,containsRE, (\(|\[)220.,EntireHeader,containsRE,(\(|\[)221.,EntireHeader,containsRE, (\(|\[)222. [enabled],LACNIC,LACNIC,128,OR,Delete,EntireHeader,containsRE,(\(|\[) 189.,EntireHeader,containsRE,(\(|\[)190.,EntireHeader,containsRE,(\(|\[) 200.,EntireHeader,containsRE,(\(|\[)201.,EntireHeader,containsRE,(\(|\[) 148.((20[8-9])|(21[0-9])|(22[0-3]))\.,EntireHeader,contains,"### (148.208. -> (148.223. ###"

If can manually work out the IP ranges i`m blocking to incorporate them into your own filters - APNIC is easy i.e. "(58." is blocked, as is "[58."

LACNIC gets a little messier at the end, but the bit between the ###`s are a text description of the regexpr range blocked by the preceding argument.

Reply to
Colin Wilson

The address book idea is a good one in theory, but in practice you probably don't want everybody who ever sent you something which is not spam in there. What about the first email you get from somebody genuine?

I too get masses of this junk. Often it's not plain text, but a GIF. Fortunately my ISP (ntl) intercepts most as spam, and Thunderbird traps some more as junk.

You can change your email address, but it will probably start again sooner rather than later. If I knew where these scum got the email addresses from in the first place... I suspect that unscrupulous ISP employees sell lists of email addresses - or the ISP sites are hacked. Many of the emails are bcc-ed to me, with the visible recipient somewhere close to me alphabetically, which suggests that they have obtained lists of email addresses.

Reply to
BrianW

The email protocols don't include any authentication. You can spoof any email address you like, and this doesn't necessarily mean that the ISP concerned was in any way involved. Until the protocols are improved, spam will continue apace.

Reply to
BrianW

That sounds like a good tip - thanks. I will look into this Sneakmail.

In this case, it was AOL.

But I also run a commercial website and would like to tell my customers (world-wide) my email address @mydomain.com. I used to do this but by domain soon got so bombarded with so much spam that it beame almost unusable. Now I have registered a new domain name and am wondering if you (or anyone) can offer any tips on publicising my email address @mydomain.com while staying protected from spam. Perhaps your abovementioned Sneakmail is the answer...

Thanks,

Al D

Reply to
Al Deveron

Thanks for the suggestion, but it is a bit awkward in my case, because I need to be able to receive emails from total strangers, world-wide, e.g., people who see my advertisements in magazines and at my commercial website. I daren't do anything that might block a legitimate business enquiry from a stranger.

Cheers,

Al D

Reply to
Al Deveron

Depending on how you plan to publicise your site (i.e. putting a "contact" link on your site) - there are a couple of ways of preventing automated email address harvesting

1) post the email address as an image - readable by humans, but harder for a spambot to grab (let the end user type the email address manually) 2) force a subject line into any clicks on the link with a specific keyword / phrase that you can mark up as legitimate by default (this way you provide a link, but have a secondary means of verifying the authenticity) 3) use something other than webmaster@ / sales@ because these are common defaults for spam attacks - perhaps use something like webadmin@

- you could also bolster (1) above by asking anyone emailing you to include this word / phrase in the subject line

Reply to
Colin Wilson

OK, seems fair enough - per my other reply, try forcing a subject line for legitimate enquiries - while this isn't really ideal for tracking genuine requestors, you can add them to a "whitelist" or ask them not to alter the subject line in future responses to enable you to filter them quickly :-}

What operating system are you using ? - how about using one of the "learning" bayesian filtering systems to make educated guesses at the authenticity of incoming mail ? (such as

formatting link

Reply to
Colin Wilson

I just had a quick check, and from 3,021 emails over the last two weeks only 11* had to marked for deletion by hand - and only 58 of the total were legitimate or from a "friendly" source.

*typically from one-off compromised machines, which aren't worth creating filters for
Reply to
Colin Wilson

You need to disguise the E-Mail address you present on the web site so that it can't be found by spammers scanning programs, there are a number of ways of doing this:-

Provide a form for enquiries, no visible E-Mail address at all. I presonally don't like this because it prevents me from retaining a record of enquiries I have sent.

Put the E-mail address on the site as an image (e.g. a gif or a jpg file). The sender has to enter it manually then though, you can't cut and paste it.

Obfuscate the E-Mail address so that it isn't obviously a mailto: link. I think one way of doing this is to use the 'special character' sequences such as %20 for space but do a Google search and I'm sure you'll find details. This is the best method from the users' point of view as the E-mail link will work completely normally.

Reply to
tinnews

This script requires JavaScript, which most browsers have by default. I receive absolutely no spam.

I have improved it by using the ASCII codes instead of the letters. Place a percent in front of the ASCII Hex value of each letter to encode your name.

My email address is protected by JavaScript encryption. Please enable JavaScript on your browser if you wish to contact me.

Reply to
Daytona

BeanSmart website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.