Possible Threat
Simon
Sorry for the dramatic header but...
I received some SPAM telling me I had a greeting card waiting. As FF is
usually pretty secure, I decided to have a look at the page to see what it
would try to do. As soon as the page started loading, firefox closed with no
warnings/errors. When restarted I got the "Restore Session"/"Start New
Session" option which I usually only get after a crash/powercut.
I've tried a number of times to open the link but have had the same result
every time. I don't dare look at it in IE.
SO, if you're interested, the URL is:
http://76.50.82.154/?ec290b516c3c2cd8a7c0b58e47
but to emphasise: There is a possibility that this link may cause problems
for your machine. I don't know what it does so cannot be more specific. I'd
appreciate someone else's opinion
Regards,
Simon
Tom Willett
"Simon" <povray@*NOSPAM*SOWare.co.uk> wrote in message
news:arKdnVKio46ByDvb...@mozilla.org...
The greeting card spam is for a virus/trojan/malware that has been around
for some time.
Tom
Simon
"Tom Willett" <tomp...@mvps.invalid> wrote in message
news:_ISdnVmJiNQkyjvb...@mozilla.org...
squaredancer
generate the following:? :
collegue, a neighbour, a friend) " a day. All go straight to the trashbin...
reg
Bob Howard
"squaredancer" <square...@t-online.de> wrote in message
news:taadnXK60PK7EDrb...@mozilla.org...
I use MailWasher --- it's a big help! Bob
squaredancer
same here.... bounce and delete!
reg
goodwin
>>
>> I use MailWasher --- it's a big help! Bob
>>
>>
>>
>
> same here.... bounce and delete!
>
> reg
Your bounces with mailwasher are adding to the abuse of the net - you've
been around long enough to know this. While mailwasher has its points,
bouncing is one of the worst conceived of its options.
You are adding to/creating backscatter, no matter how satisfying the
feeling may be.
Bob Howard
"goodwin" <conn...@cox.net> wrote in message
news:A_2dnUH4LOp9hzXb...@mozilla.org...
But after bouncing someone, they take me off their mailing list and --- I
think that cuts down on traffic. If I didn't bounce them, I would continue
receiving their junk over and over. So my "investment" of one bounce may
very well eliminate much future traffic.
Bob
Ron K.
My ISP spam and virus trap is quarantining all those because of malware.
--
Ron K.
Don't be a fonted, it's just type casting
goodwin
Spammers don't pay attention to the bounces at all, Bob, they ignore them.
You think you get listwashed by a bounce?
Who are you listening to?
Ron Hunter
--
Ron Hunter rphu...@charter.net
squaredancer
generate the following:? :
maybe you don't understand the way MW bounces - or the whole idea of a
bounce??
Porting eMail through relays is supposed to be "regulated" - I read
someplace that the relay is required to check the previous (incoming)
source for validity.
MW bounces down the "received from IP..." line, and then the bounce goes
all the way through the "checked as valid" IPs. Then, at the end of the
line, it hits the relay that passed the mail from an unchecked source -
ain't that a shame... the bounce can't be passed on and sits there on
the relay server!
My heart bleeds for the operator!
reg
caver1
I've gotten a few that the address starts with- ' '' '. When I try to
bounce them I get- originating address is not valid cannot be bounced.
Never seen that before.
caver1
Chris Jahn
news:gqudnV-EqLhXgTXb...@mozilla.org:
>
> "goodwin" <conn...@cox.net> wrote in message
> news:A_2dnUH4LOp9hzXb...@mozilla.org...
>> On 7/25/2007 1:05 PM squaredancer replied:
>>
>>>>
>>>> I use MailWasher --- it's a big help! Bob
>>>>
>>>>
>>>>
>>>
>>> same here.... bounce and delete!
>>>
>>> reg
>>
>> Your bounces with mailwasher are adding to the abuse of the
>> net - you've been around long enough to know this. While
>> mailwasher has its points, bouncing is one of the worst
>> conceived of its options.
>>
>> You are adding to/creating backscatter, no matter how
>> satisfying the feeling may be.
>
> But after bouncing someone, they take me off their mailing
> list and -
No, they don't. Most never even recieve your bounce because they
use a fraudulent replyto address.
--
Mozilla & Netscape FAQs: http://www.ufaq.org/
Mozilla/Firefox/Thunderbird/Seamonkey solutions: http://ilias.ca/
Web page validation: http://validator.w3.org
About Mozilla: http://www.mozilla.org
The most important thing in communication is hearing what isn't
said. (Peter Drucker)
mike hudon
Jay Garcia
--- Original Message ---
Same here on my server. I have two users that insist on bouncing spam
even after threats to ban their accounts.
--
Jay Garcia Netscape/Mozilla Champion
UFAQ - http://www.UFAQ.org
Jay Garcia
--- Original Message ---
Spammers don't use valid return email addresses. You're wasting your
time bouncing spam mail. You very very seldom, if ever, get spam from
the same address so you think that your bounce was effective. Not so ..
Report spam to www.spamcop.net as that is way more effective and if
SpamCop gets many reports for the same spam they get added to the RBL
(Real Time Blacklist) database.
Andrew DeFaria
Andrew DeFaria
There are a number of mechanical devices which increase sexual arousal, particularly in women. Chief among these is the Mercedes-Benz 380SL.
Jay Garcia
--- Original Message ---
> It's not my job to be concerned with the overhead that is generated when
> somebody else violates me. I feel the same way when I come out of a
> store and somebody has littered some flyer onto my car. How dare they!
> And I feel no ill will removing it from my car nor no compulsion to find
> a garbage can with which to deposit said refuge. I did not litter - they
> did! On my car!! And I should not be put into work, enslaved if you
> will, to clean up after them. You wanna stop such garbage? Go after them!
Bouncing the email has no effect, the same as you balling up that flyer
to throw it at the one who put it on your windshield. :-)
Report 'em to flyercop.
goodwin
> On 26.07.2007 05:55, CET - what odd quirk of fate caused goodwin to
> generate the following:? :
>> On 7/25/2007 1:05 PM squaredancer replied:
>>
>>
>>>> I use MailWasher --- it's a big help! Bob
>>>>
>>>>
>>>>
>>>>
>>> same here.... bounce and delete!
>>>
>>> reg
>>>
>>
>> Your bounces with mailwasher are adding to the abuse of the net - you've
>> been around long enough to know this. While mailwasher has its points,
>> bouncing is one of the worst conceived of its options.
>>
>> You are adding to/creating backscatter, no matter how satisfying the
>> feeling may be.
>>
>
> maybe you don't understand the way MW bounces - or the whole idea of a
> bounce??
>
do you know what backscatter is?
see http://www.dontbouncespam.org/
> Porting eMail through relays is supposed to be "regulated" - I read
> someplace that the relay is required to check the previous (incoming)
> source for validity.
except for open relays
> MW bounces down the "received from IP..." line, and then the bounce goes
> all the way through the "checked as valid" IPs. Then, at the end of the
> line, it hits the relay that passed the mail from an unchecked source -
> ain't that a shame... the bounce can't be passed on and sits there on
> the relay server!
> My heart bleeds for the operator!
and has accomplished just what?
>
> reg
clay
> On 25.07.2007 23:05, Bob Howard wrote:
>
> --- Original Message ---
>
>> "goodwin" <conn...@cox.net> wrote in message
>> news:A_2dnUH4LOp9hzXb...@mozilla.org...
>>> On 7/25/2007 1:05 PM squaredancer replied:
>>>
>>>>>
>>>>> I use MailWasher --- it's a big help! Bob
>>>>>
>>>>>
>>>>>
>>>>
>>>> same here.... bounce and delete!
>>>>
>>>> reg
>>>
>>> Your bounces with mailwasher are adding to the abuse of the net - you've
>>> been around long enough to know this. While mailwasher has its points,
>>> bouncing is one of the worst conceived of its options.
>>>
>>> You are adding to/creating backscatter, no matter how satisfying the
>>> feeling may be.
>>
>> But after bouncing someone, they take me off their mailing list and --- I
>> think that cuts down on traffic. If I didn't bounce them, I would continue
>> receiving their junk over and over. So my "investment" of one bounce may
>> very well eliminate much future traffic.
>>
>> Bob
>>
>>
>
> Spammers don't use valid return email addresses. You're wasting your
> time bouncing spam mail. You very very seldom, if ever, get spam from
> the same address so you think that your bounce was effective. Not so ..
>
...appears to be down for maintenance atm.
I'd like to take an active roll in reducing spam but have yet to find
the lazy man's howto so I can get started.
MC Dan purports to be the resident expert on the topic. Maybe he would
share his methods...
--
100% money back guarantee!
If at any time you are dissatisfied with the performance of your Mozilla
product, feel free to return it for a complete refund of your full
purchase price...
Phillip M. Jones, C.E.T
I use two email accounts I leave it alone and the spam can spam that
address all the the time to their hearts content. I have set up through
my ISP what types to put in their junk filter and to dump after 7 days.
once a week I look to see if anything go put in by mistake. I will go
ahead and empty.
on my account I use I have the SM/FF/TB Junk filters setup and they send
to junk. On that account, I average about the same amount or less each time.
Now if I receive Phishing letters even from financial institutions I
have no part of; I send to abuse or spoof address they have set by
forwarding the message and let them deal with.
--
------------------------------------------------------------------------
Phillip M. Jones, CET http://www.vpea.org
If it's "fixed", don't "break it"! mailto:pjo...@kimbanet.com
http://www.kimbanet.com/~pjones/default.htm
Mac G4-500, OSX.3.9 Mac 17" PowerBook G4-1.67 Gb, OSX.4.10
------------------------------------------------------------------------
Phillip M. Jones, C.E.T
head, might help ;-)
squaredancer
generate the following:? :
please, DO NOT start Dan, Dan the Moz Champ Man off on his 99.8% rant...
I'LL just die, if I have to read all that squap again!
reg
squaredancer
> On 7/26/2007 3:21 AM squaredancer inquired:
>
>
>> On 26.07.2007 05:55, CET - what odd quirk of fate caused goodwin to
>> generate the following:? :
>>
>>> On 7/25/2007 1:05 PM squaredancer replied:
>>>
>>>
>>>
>>>>> I use MailWasher --- it's a big help! Bob
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>> same here.... bounce and delete!
>>>>
>>>> reg
>>>>
>>>>
>>> Your bounces with mailwasher are adding to the abuse of the net - you've
>>> been around long enough to know this. While mailwasher has its points,
>>> bouncing is one of the worst conceived of its options.
>>>
>>> You are adding to/creating backscatter, no matter how satisfying the
>>> feeling may be.
>>>
>>>
>> maybe you don't understand the way MW bounces - or the whole idea of a
>> bounce??
>>
>>
>
> do you know what backscatter is?
> see http://www.dontbouncespam.org/
>
as I said (and you didn't seem to read) - those guys are the ones that
end up with the bounced mail.... and Good Luck to them!
>
>> Porting eMail through relays is supposed to be "regulated" - I read
>> someplace that the relay is required to check the previous (incoming)
>> source for validity.
>>
>
> except for open relays
>
It seems you really don't understand the bounce system--- "open relays"
are the ones that get "stuck" with the bounces... the ones that are at
the end of the bounce-line on valid IPs... fill 'em up with shit... do
I care???
>
>> MW bounces down the "received from IP..." line, and then the bounce goes
>> all the way through the "checked as valid" IPs. Then, at the end of the
>> line, it hits the relay that passed the mail from an unchecked source -
>> ain't that a shame... the bounce can't be passed on and sits there on
>> the relay server!
>> My heart bleeds for the operator!
>>
>
> and has accomplished just what?
>
Vampires don't bother with me any more :-P
>
>> reg
>>
squaredancer
generate the following:? :
be poluted with block-ups... it "should" pass the bounce on to the
previous (valid) 'received from IP...'
If your server is not checking the validity of incoming mail relay-IPs,
then it is not set up properly!
reg
Blinky the Shark
>> maybe you don't understand the way MW bounces - or the whole idea of a
>> bounce??
>>
>>
> do you know what backscatter is?
> see http://www.dontbouncespam.org/
Good link. Thanks for that. <saved to my Clues folder>
--
Blinky RLU 297263
Killing all posts from Google Groups
The Usenet Improvement Project: http://blinkynet.net/comp/uip5.html
Andrew DeFaria
On 26.07.2007 09:43, Andrew DeFaria wrote:
It's not my job to be concerned with the overhead that is generated when somebody else violates me. I feel the same way when I come out of a store and somebody has littered some flyer onto my car. How dare they! And I feel no ill will removing it from my car nor no compulsion to find a garbage can with which to deposit said refuge. I did not litter - they did! On my car!! And I should not be put into work, enslaved if you will, to clean up after them. You wanna stop such garbage? Go after them!Bouncing the email has no effect,
the same as you balling up that flyer to throw it at the one who put it on your windshield. :-)
Report 'em to flyercop.
Jay Garcia
--- Original Message ---
>> Report 'em to flyercop.
> You report'em to the flyercop. Again it's not my job.
Why, it's your window, not mine. ;-)
F'up set to .general
squaredancer
generate the following:? :
squaredancer
generate the following:? :
bounce??
Porting eMail through relays is supposed to be "regulated" - I read
someplace that the relay is required to check the previous (incoming)
source for validity.
MW bounces down the "received from IP..." line, and then the bounce goes
all the way through the "checked as valid" IPs. Then, at the end of the
line, it hits the relay that passed the mail from an unchecked source -
ain't that a shame... the bounce can't be passed on and sits there on
the relay server!
My heart bleeds for the operator!
reg
squaredancer
> On 7/26/2007 3:21 AM squaredancer inquired:
>
>
>> On 26.07.2007 05:55, CET - what odd quirk of fate caused goodwin to
>> generate the following:? :
>>
>>> On 7/25/2007 1:05 PM squaredancer replied:
>>>
>>>
>>>
>>>>> I use MailWasher --- it's a big help! Bob
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>> same here.... bounce and delete!
>>>>
>>>> reg
>>>>
>>>>
>>> Your bounces with mailwasher are adding to the abuse of the net - you've
>>> been around long enough to know this. While mailwasher has its points,
>>> bouncing is one of the worst conceived of its options.
>>>
>>> You are adding to/creating backscatter, no matter how satisfying the
>>> feeling may be.
>>>
>>>
>> maybe you don't understand the way MW bounces - or the whole idea of a
>> bounce??
>>
>>
>
> do you know what backscatter is?
> see http://www.dontbouncespam.org/
>
end up with the bounced mail.... and Good Luck to them!
>
>> someplace that the relay is required to check the previous (incoming)
>> source for validity.
>>
>
> except for open relays
>
It seems you really don't understand the bounce system--- "open relays"
are the ones that get "stuck" with the bounces... the ones that are at
the end of the bounce-line on valid IPs... fill 'em up with shit... do
I care???
>
>> MW bounces down the "received from IP..." line, and then the bounce goes
>> all the way through the "checked as valid" IPs. Then, at the end of the
>> line, it hits the relay that passed the mail from an unchecked source -
>> ain't that a shame... the bounce can't be passed on and sits there on
>> the relay server!
>> My heart bleeds for the operator!
>>
>
> and has accomplished just what?
>
Vampires don't bother with me any more :-P
>
>> reg
>>
squaredancer
generate the following:? :
> squaredancer <square...@t-online.de> wrote in
> news:VfidnW3t08CQnzfb...@mozilla.org:
>
>> It seems you really don't understand the bounce system--- "open relays"
>> are the ones that get "stuck" with the bounces... the ones that are at
>> the end of the bounce-line on valid IPs... fill 'em up with shit... do
>> I care???
>>
>
> to email address in either the From:, Return-Path:, or Sender: header,
> depending on which is available in a particular email. These email
> addresses are typically spoofed by the actual spammer. When I get these
> bounced messages to my inbox as a result of messages that I didn't send, I
> reported them as spam. Now I simply don't see them anymore.<G> When
> sufficient people report this same IP, then that IP may be added to the
> DNSBL and won't come off until they prove that they aren't the problem.
>
> OTOH, if the receiving SMTP server is using a trusted DNSBL and rejecting
> the email based on the IP of the server that is attempting to deliver the
> message, then it will never be received. That IP is either an open relay
> or a spammer's domain, or an infected spambot. With some DNSBLs, they
> practically blacklist anything and therefore reject a lot of good messages
> also. At any rate, the sender doesn't even care that that particular
> message wasn't delivered as it is sending millions of messages and
> realizes that only the stupid will respond anyway.
>
>>>> MW bounces down the "received from IP..." line, and then the bounce
>>>> goes all the way through the "checked as valid" IPs. Then, at the end
>>>> of the line, it hits the relay that passed the mail from an unchecked
>>>> source - ain't that a shame... the bounce can't be passed on and sits
>>>> there on the relay server!
>>>> My heart bleeds for the operator!
>>>>
>>>>
>>> and has accomplished just what?
>>>
>>>
>> Vampires don't bother with me any more :-P
>>
>>>
>>>
>>>> reg
>>>>
>>>>
>
>
>
>
You even state in your own post.... IPs are relevant, NOT addresses!
reg
Andrew DeFaria
It's rather obvious that you don't understand at all. The bounce is sent to email address in either the From:, Return-Path:, or Sender: header, depending on which is available in a particular email. These email addresses are typically spoofed by the actual spammer. When I get these bounced messages to my inbox as a result of messages that I didn't send, I reported them as spam. Now I simply don't see them anymore.<G>
When sufficient people report this same IP, then that IP may be added to the DNSBL and won't come off until they prove that they aren't the problem.
OTOH, if the receiving SMTP server is using a trusted DNSBL and rejecting the email based on the IP of the server that is attempting to deliver the message, then it will never be received. That IP is either an open relay or a spammer's domain, or an infected spambot. With some DNSBLs, they practically blacklist anything and therefore reject a lot of good messages also. At any rate, the sender doesn't even care that that particular message wasn't delivered as it is sending millions of messages and realizes that only the stupid will respond anyway.
Jay Garcia
--- Original Message ---
> squaredancer <square...@t-online.de> wrote in
> news:VfidnW3t08CQnzfb...@mozilla.org:
>
>>
>> It seems you really don't understand the bounce system--- "open relays"
>> are the ones that get "stuck" with the bounces... the ones that are at
>> the end of the bounce-line on valid IPs... fill 'em up with shit... do
>> I care???
>
> It's rather obvious that you don't understand at all. The bounce is sent
> to email address in either the From:, Return-Path:, or Sender: header,
> depending on which is available in a particular email. These email
> addresses are typically spoofed by the actual spammer. When I get these
> bounced messages to my inbox as a result of messages that I didn't send, I
> reported them as spam. Now I simply don't see them anymore.<G> When
> sufficient people report this same IP, then that IP may be added to the
> DNSBL and won't come off until they prove that they aren't the problem.
>
> OTOH, if the receiving SMTP server is using a trusted DNSBL and rejecting
> the email based on the IP of the server that is attempting to deliver the
> message, then it will never be received. That IP is either an open relay
> or a spammer's domain, or an infected spambot. With some DNSBLs, they
> practically blacklist anything and therefore reject a lot of good messages
> also. At any rate, the sender doesn't even care that that particular
> message wasn't delivered as it is sending millions of messages and
> realizes that only the stupid will respond anyway.
>
>>>> MW bounces down the "received from IP..." line, and then the bounce
>>>> goes all the way through the "checked as valid" IPs. Then, at the end
>>>> of the line, it hits the relay that passed the mail from an unchecked
>>>> source - ain't that a shame... the bounce can't be passed on and sits
>>>> there on the relay server!
>>>> My heart bleeds for the operator!
>>>>
>>>
>>> and has accomplished just what?
>>>
>>
>> Vampires don't bother with me any more :-P
>>>
>>>> reg
>>>>
>
>
>
Ok, let's look at this from another perspective, that of the ISP. I have
well over 100 email clients, some use applications like mailwasher.
So, let's look at reality with an example, a little embelished for sake
of argument/example:
Out of the number of clients I have, 50 use a mailwasher-like
application that auto-bounces spam mail. The spam mail is returned as
addressee unknown for example. Now, let's say those 50 users get just 10
spams per day that make it through SpamAssassin/RBL's, etc. That's 500
bounced mail messages that now sit in a queue "var/spool/mqueue/" for 5
days (arbitrary figure) trying and trying to send the mail to a valid
address. This is unnecessary and creates resources that normally would
be used by the rest of the system. As an email provider, I hate those
types of applications and I've warned my client against using them or at
the very least disable the auto-bounce mechanism.
The actual reality now is that there are less than 10 messages daily in
the mqueue waiting to be sent to invalid addresses.