Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Spammed on my usa.net mail account

0 views
Skip to first unread message

Shim

unread,
Nov 19, 1998, 3:00:00 AM11/19/98
to

A Spamrat's Address wrote in message
<731hf9$5j8$4...@ash.prod.itd.earthlink.net>...
>About a week and a half ago, I set up a freebie mail account with
>Netaddress (usa.net). Several days later, I started getting spammed by
>the usual sex sites and web hit promoters.
>
>Usa.net claims that they _do not_ sell or give their user list to
>others, so how is this happening..? I _have not_ given that address to
>anyone.


Now, this is intriguing.

I recently noticed a spam-mail (one of the dozens... sigh) I recieved was
sent to another address under my username: x@shimgray.*.co.uk (It's not 'x',
of course; I'm keeping this one 'clean' so as to be able to prove I never
named it to anyone... when I get my ISP on ToS breach... <g>. '*' is
Freeserve, a rather 'generous' free ISP.)

I never told _anyone_ of the existence of this e-mail address, I never
mailed with it or posted to Usenet with it... so how'd they get the address?

If any of you guys (gals?) can shed som light on it... here's the headers:

------

X-From_: Cyberr_...@job4u.com Wed Nov 18 14:59:49 1998
Envelope-to: shim@shimgray.*.co.uk
Delivery-date: Wed, 18 Nov 1998 14:59:49 +0000
Received: from [207.217.120.130] (helo=dove.prod.itd.earthlink.net)
by mail3.svr.pol.co.uk with esmtp (Exim 2.05iplimit-2 #5)
id 0zg95A-0007vr-00
for shim@shimgray.*.co.uk; Wed, 18 Nov 1998 14:59:48 +0000
Received: from cm (ip17.oshawa.dialup.canada.psi.net [154.11.172.17])
by dove.prod.itd.earthlink.net (8.8.7/8.8.5) with SMTP id GAA02235;
Wed, 18 Nov 1998 06:50:55 -0800 (PST)
Date: Wed, 18 Nov 1998 06:50:55 -0800 (PST)
From: Cyberr_...@job4u.com
Received: from login_0121.job4u.com (mail.job4u.com[204.126.205.201]) by
job4u.com (8.8.5/8.7.3) with SMTP id XAA06234 for Cyberr_...@job4u.com;
Wed, 18 November 1998 09:47:31 -0700 (EDT)
To: y...@yourdomain.com
Subject: I thought you might be interested
Reply-To: Cyberr_...@job4u.com
X-PMFLAGS: 20720340.50
X-UIDL: 20720340_201230.501
Comments: Authenticated Sender is <Cyberr_...@job4u.com>
Message-Id: <94148380_30204879>

-----

Now, what interests me is that it was downloaded from the server to my
machine as for [the other address]@shimgray.*.co.uk, but it seems from the
headers that it was sent to my 'normal' address. I can accept that - if I'm
foolish enough to use it on Usenet, I deserve all I get.

So, is this just a server cockup that sent it to the wrong address... or
freeserve.net selling off addresses?

OTOH, does anyone know of UK\Scottish legislation which micht serve to deter
spammers? Is there any on the books?

-Shim, wonders why a Canadian envelope-stuffer mails to .co.uk

If you must... replace 'cheapskate' with 'freeserve' to contact me.

Ian St John

unread,
Nov 19, 1998, 3:00:00 AM11/19/98
to

Shim wrote in message <731q8p$qee$1...@newsreader4.core.theplanet.net>...

>
>A Spamrat's Address wrote in message
><731hf9$5j8$4...@ash.prod.itd.earthlink.net>...
>>About a week and a half ago, I set up a freebie mail account with
>>Netaddress (usa.net). Several days later, I started getting spammed by
>>the usual sex sites and web hit promoters.
>>
>>Usa.net claims that they _do not_ sell or give their user list to
>>others, so how is this happening..? I _have not_ given that address to
>>anyone.
>
>
>Now, this is intriguing.


So? Have either of you ever visited a website? Java scripting in the webpage
can dowload your default email address without a visible sign that it is
doing so. Security can usually disable this 'active scripting', but most
people don't look at custom security settings.

Probably not usa.net at fault here. Visit *one* sex related site, even by
accident, and I'll bet you end up on ten lists. I found out about it
visiting a 'totally innocuous' site featuring some interesting stuff on
Internet security. I t turned out to be a 'trojan', in that the scripting
gathered your email address.

The visible part just demontrated some simple, and pretty tame security
issues. But my security was set, and when I was asked to allow active
scripting, I checked the site out as raw HTML, and found the 'kicker'. There
are probably dozens of sites which gimmicks that look interesting, but are
really there just to gather email addresses.

Note: Microsoft now has a patch to IE to prevent 'trusted scripts' from
downloading files off your machine when you visit web sites. AKA, the
'cuartango' security hole. See his web page at

http://pages.whowhere.com/computers/cuartangojc/cuartangoh1.html


Shim

unread,
Nov 20, 1998, 3:00:00 AM11/20/98
to

Ian St John wrote in message ...

>
>Shim wrote in message <731q8p$qee$1...@newsreader4.core.theplanet.net>...
>>
>>A Spamrat's Address wrote in message
>><731hf9$5j8$4...@ash.prod.itd.earthlink.net>...
>>>About a week and a half ago, I set up a freebie mail account with
>>>Netaddress (usa.net). Several days later, I started getting spammed by
>>>the usual sex sites and web hit promoters.
>>>
>>>Usa.net claims that they _do not_ sell or give their user list to
>>>others, so how is this happening..? I _have not_ given that address to
>>>anyone.
>>
>>
>>Now, this is intriguing.
>
>
>So? Have either of you ever visited a website? Java scripting in the
webpage
>can dowload your default email address without a visible sign that it is
>doing so. Security can usually disable this 'active scripting', but most
>people don't look at custom security settings.


Aha. My deafult address was the one I currently use for this Usenet posting;
viz, "shim[@]freeserve[.]co[.]uk

>Note: Microsoft now has a patch to IE to prevent 'trusted scripts' from
>downloading files off your machine when you visit web sites. AKA, the
>'cuartango' security hole. See his web page at
>
>http://pages.whowhere.com/computers/cuartangojc/cuartangoh1.html


Just checking it out now.... hmmm

Thanks.

-Shim, still poking around.

0 new messages