OT: Winner of Multiple Competitions

[Sysadmin]

Just recently, I have received numerous emails stating I am a winner of a
loyal customer award, from Tesco, Amazon, Argos and many others. One went
to great lengths to get me to receive a iPhone 13, complete with tracking
details. I only use Amazon on the list so realised that it is all a scam,
so beware folks, they are out in force.

[Andrew]

On 01/12/2021 12:49, Chris Hogg wrote:

> Aren't they just! I've recently had a flood of scams from e.walgreens
> telling me my Norton and McAfee subs have expired (I don't use
> either). They seem to have dried up recently, but others keep coming,
> like a couple in the last two days purporting to come from Martin
> Lewis and offering investment advice.
>
> There was a time when competent ISP's filtered out these things, but
> not at the moment, it seems.
>

Apparently Santander are updating their IT systems requiring me
to log in and confirm my details.

I have never banked with abbey national or Santander though and
I am suspicious that I recently used my debit card in a few new
places to make contactless purchases.

Meanwhile, an email relating to a cousins death was regarded
as spam by BT email so I didn't get it (I use Tbird).

There must be a way of telling BTemail to pass on all emails
and let my Tbird filters deal with them ?. Another job to do.

[Jim GM4DHJ ...]

those black bastards will try anything to con us ....

[Martin Brown]

On 01/12/2021 13:00, Andrew wrote:
> On 01/12/2021 12:49, Chris Hogg wrote:
>> On Wed, 1 Dec 2021 12:29:18 -0000 (UTC), Sysadmin <j...@home.net>
>> wrote:
>>
>>>
>>> Just recently, I have received numerous emails stating I am a winner
>>> of a
>>> loyal customer award, from Tesco, Amazon, Argos and many others. One
>>> went
>>> to great lengths to get me to receive a iPhone 13, complete with
>>> tracking
>>> details. I only use Amazon on the list so realised that it is all a
>>> scam,
>>> so beware folks, they are out in force.
>>
>> Aren't they just! I've recently had a flood of scams from e.walgreens
>> telling me my Norton and McAfee subs have expired (I don't use
>> either). They seem to have dried up recently, but others keep coming,
>> like a couple in the last two days purporting to come from Martin
>> Lewis and offering investment advice.
>>
>> There was a time when competent ISP's filtered out these things, but
>> not at the moment, it seems.
>>
>
> Apparently Santander are updating their IT systems requiring me
> to log in and confirm my details.

The worst scams are parcel non delivery ones that look identical to the
genuine ones that the actual couriers do use.

>
> I have never banked with abbey national or Santander though and
> I am suspicious that I recently used my debit card in a few new
> places to make contactless purchases.
>
> Meanwhile, an email relating to a cousins death was regarded
> as spam by BT email so I didn't get it (I use Tbird).

BTemail servers are exceptionally stupid they sometimes bounce email
from their own servers as "forgeries".

> There must be a way of telling BTemail to pass on all emails
> and let my Tbird filters deal with them ?. Another job to do.

You may be better off with a non-ISP email service even if it actually
costs money. One day they will discontinue providing it.

Vodafone nuked the Demon subdomains in the middle of the Covid pandemic.

--
Regards,
Martin Brown

[John Rumm]

On 01/12/2021 12:49, Chris Hogg wrote:
> On Wed, 1 Dec 2021 12:29:18 -0000 (UTC), Sysadmin <j...@home.net>
> wrote:
>
>>

> Aren't they just! I've recently had a flood of scams from e.walgreens
> telling me my Norton and McAfee subs have expired (I don't use
> either). They seem to have dried up recently, but others keep coming,
> like a couple in the last two days purporting to come from Martin
> Lewis and offering investment advice.
>
> There was a time when competent ISP's filtered out these things, but
> not at the moment, it seems.

Something like 99%+ of emails sent every day are filtered out - what you
see in your inbox are just the spam dregs that remain (plus a few legit
ones).



--
Cheers,

John.

/=================================================================\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\=================================================================/

[John Rumm]

On 01/12/2021 13:23, Martin Brown wrote:

> You may be better off with a non-ISP email service even if it actually
> costs money. One day they will discontinue providing it.

Even if you use your ISPs email service, its always more sensible to
user your own domain to forward messages to it. That way if it is ever
withdrawn, or turns out to not be good enough, or you simply want to
change ISP, you get to keep your address, and can seamlessly transition
to a new provider.

[John Rumm]

On 01/12/2021 13:00, Andrew wrote:

You can whitelist addresses and domains in the BT webmail portal - those
settings should still be effective when using a desktop client. .

(Lots of the BT spam filtering is done as ingress filtering though. So
most spam will not even get delivered into their system or your spam
folder in the first place).

[John Rumm]

as will many other hues!

Although I did trace a Nigerian one the other day. A customer got in
touch to say his email had been hacked (it was only a matter of time -
micky mouse passwords, re-used on multiple sites), and all his contacts
were getting messages impersonating him asking for a favour.

So when I got mine, I thought it would be time to have some fun and
practice my social engineering :-)

So I responded, and got the sob story that he was away from home but
needed someone to go buy a £100 gift card for him so he could give it to
his niece for her birthday.

Anyway after several days of him having trouble using the gift card I
bought him (and him unwittingly giving up his location, ISP, IP address,
and the make and model of iPhone he was using), he stopped speaking to
me when I told him I had delivered the card to his niece for him and now
he owed me a favour!

[Rod Speed]

Andrew <Andrew9...@mybtinternet.com> wrote
> Chris Hogg wrote

>> Sysadmin <j...@home.net> wrote

>>> Just recently, I have received numerous emails stating I am a winner of
>>> a
>>> loyal customer award, from Tesco, Amazon, Argos and many others. One
>>> went
>>> to great lengths to get me to receive a iPhone 13, complete with
>>> tracking
>>> details. I only use Amazon on the list so realised that it is all a
>>> scam,
>>> so beware folks, they are out in force.
>>
>> Aren't they just! I've recently had a flood of scams from e.walgreens
>> telling me my Norton and McAfee subs have expired (I don't use
>> either). They seem to have dried up recently, but others keep coming,
>> like a couple in the last two days purporting to come from Martin
>> Lewis and offering investment advice.
>>
>> There was a time when competent ISP's filtered out these things, but
>> not at the moment, it seems.
>>
>
> Apparently Santander are updating their IT systems requiring me
> to log in and confirm my details.
>
> I have never banked with abbey national or Santander though and
> I am suspicious that I recently used my debit card in a few new
> places to make contactless purchases.

That’s the big advantage of ApplePay, no one
ever gets anything that they can use to do that.

Means that you couldn’t care less about some dodgy
illegal running a store either.

[Andrew]

I would prefer a generic "pass all received emails to me" option
and I will let Tbird decide what action to take.

[newshound]

On 01/12/2021 14:23, John Rumm wrote:

>
> Something like 99%+ of emails sent every day are filtered out - what you
> see in your inbox are just the spam dregs that remain (plus a few legit
> ones).
>

My Spam folder has 20 very obvious dodgy emails today, compared to half
a dozen that made it to Inbox. (And half of them are "acceptable" spam).
So I would not doubt the 99% figure.

[Peeler]

On Thu, 2 Dec 2021 02:59:15 +1100, cantankerous trolling geezer Rodent
Speed, the auto-contradicting senile sociopath, blabbered, again:

<FLUSH the abnormal trolling senile cretin's latest trollshit unread>

--
Tim+ about trolling Rodent Speed:
He is by far the most persistent troll who seems to be able to get under the
skin of folk who really should know better.
Since when did arguing with a troll ever achieve anything (beyond giving
the troll pleasure)?
MID: <1421057667.659518815.743...@news.individual.net>

[Brian Gaff (Sofa)]

But did you get the I Phone?
I think I'd have sold it on myself.
Brian

--

This newsgroup posting comes to you directly from...
The Sofa of Brian Gaff...
bri...@blueyonder.co.uk
Blind user, so no pictures please
Note this Signature is meaningless.!
"Sysadmin" <j...@home.net> wrote in message
news:so7pqu$phh$1...@dont-email.me...

[Brian Gaff (Sofa)]

Yes well, its a lot of trouble to go to to piss off con artists, Best plan
is just to ignore them.

One guy wrote to me recently with a pre written review of his service for me
to submit to a web site via Wordpress. Not only did I not know of him, even
though he was offering a payment, but I'd not be touching his patented horse
racing system with a long barge pole either.
Horse racing, really?

Brian

--

This newsgroup posting comes to you directly from...
The Sofa of Brian Gaff...
bri...@blueyonder.co.uk
Blind user, so no pictures please
Note this Signature is meaningless.!

"John Rumm" <see.my.s...@nowhere.null> wrote in message
news:jLmdnSsdBc3nFzr8...@brightview.co.uk...

[AnthonyL]

To the best of my failing memory BT took away the whitelisting
facility and stopped putting spam in the spam box deeming their
systems to be intelligent enough to not have false positives. I had
some disappointing direct contact with the head of their email
services who also argued that POP3 was defunct technology.

Their Community boards soon filled up with people complaining that
expected mail, from reputable sources, wasn't getting through. I
changed my email provider to another free one that gave me better
control of the settings and sent me a notification if there was mail
in spam when I checked via POP3.

My wife and I have a joint gmail a/c and it is set to forward emails
to her btinternet mail - which has started rejecting the long standing
emails from our local council. I have now discovered that the
whitelist is back (or maybe it never went away) and have whitelisted
that council's address so as not to get trapped by bt's super
intelligent spam detection.

The big problem is how to know what emails haven't arrived? I may
have notification that I've won millions, or a free iPhone and don't
know about it.



--
AnthonyL

Why ever wait to finish a job before starting the next?

[Fredxx]

On 01/12/2021 13:00, Andrew wrote:

I do bank with Santander, and get annoyed when I get phishing emails to
a unique address that was only ever given to Abbey National, and another
to Alliance & Leicester.

> Meanwhile, an email relating to a cousins death was regarded
> as spam by BT email so I didn't get it (I use Tbird).
>
> There must be a way of telling BTemail to pass on all emails
> and let my Tbird filters deal with them ?. Another job to do.

Recently I also got an email to an address unique to HMRC which had this
URL embedded in the email:
https://hmrc.imicampaign.uk/

It was stating I was to pay a penalty because of some formality to do
with money laundering.

I sent the email to:
phis...@hmrc.gov.uk
as per HMRC instruction and told it was legitimate. After some toing and
froing with the phishing people I finally got:

"We're sorry that we sent you an email about urgent Anti Money
Laundering Supervision earlier today. We sent this by mistake, there is
no need to take any action, please delete that email."

You really can't make things like this up.

BTW, is there a connection with Churchill Insurance and Direct Line?

[Anonymous]

On Wed, 1 Dec 2021 13:13:41 +0000, "Jim GM4DHJ ..."
<kinvig...@ntlworld.com> wrote:

>On 01/12/2021 12:29, Sysadmin wrote:
>>
>> Just recently, I have received numerous emails stating I am a winner
of a
>> loyal customer award, from Tesco, Amazon, Argos and many others. One
went
>> to great lengths to get me to receive a iPhone 13, complete with
tracking
>> details. I only use Amazon on the list so realised that it is all a
scam,
>> so beware folks, they are out in force.
>>

>those black bastards will try anything to con us ....

oy ve... those schvarzers... the goyim will all die
when are you coming to see me?
greville has so many kids to offer you,we both know that you like
babies....

[Jonathan]

Let us know when you work it out.

Jonathan

[The Natural Philosopher]

BT mail is designed to give complete numpties a 'safe enjoyable user
experience'

If it doesn't work for you, then their attitude is 'fuck off then'

Why anyone with any computer nöus uses it, beats me.

get a domain with e.g. 123 and set up your own email - 99p a month


--
"Socialist governments traditionally do make a financial mess. They
always run out of other people's money. It's quite a characteristic of them"

Margaret Thatcher

[Fredxx]

On 02/12/2021 16:00, The Natural Philosopher wrote:
> On 02/12/2021 15:47, Jonathan wrote:
>> On Wednesday, December 1, 2021 at 1:00:51 PM UTC, Andrew wrote:
>
>>> There must be a way of telling BTemail to pass on all emails
>>> and let my Tbird filters deal with them ?. Another job to do.
>>
>> Let us know when you work it out.
>>
>> Jonathan
>>
>
> BT mail is designed to give complete numpties a 'safe enjoyable user
> experience'
>
> If it doesn't work for you, then their attitude is 'fuck off then'
>
> Why anyone with any computer nöus uses it, beats me.
>
> get a domain with e.g. 123 and set  up your own  email - 99p a month

That gets you from one extreme to another. To no filtering whatsoever.

[Chris Green]

Which, in my experience, with an E-Mail address that has been the same
for many, many years, works very well.

I get maybe a dozen spam/junk mails to my main E-Mail address per day
which are really no issue since I just hit 'd' and they're gone. I
can cope with hitting 'd' a few times every day. :-)

I do also look through (programmatically, not personally!) all the
E-Mail that arrives at my isbd.co.uk domain. Looking at the log there
seem to be about 5 messages every half hour.

--
Chris Green
·

[jon]

On Thu, 02 Dec 2021 08:57:17 +0000, Brian Gaff \(Sofa\) wrote:

> But did you get the I Phone?
> I think I'd have sold it on myself.
> Brian

The catch was a £3 delivery.

[John Rumm]

Depending on the type of mailbox (which depends a bit on when you bought
it and how you got it) 123 reg has 10 user selectable levels for both
spam flagging, and spam deletion. They also do ingress filtering (as do
nearly all ISPs and mail providers) that will bounce anything flagged on
a spam blacklist on entry to the system.

(not that I would recommend 123 for anything other than basic personal
email)

[Dave Plowman (News)]

In article <soavsb$t3t$1...@dont-email.me>,

I can see why that wouldn't be worth it for an iPhone. ;-)

--
*If vegetable oil comes from vegetables, where does baby oil come from? *

Dave Plowman da...@davenoise.co.uk London SW
To e-mail, change noise into sound.

[Fredxx]

I have no filtering, apart from potential spam is flagged.

My way round this is to use different email addresses for personal and
anything I sign up to.

Hence my earlier whinge about Santander, where I get email to an address
which was ab...@mydomainname.com It was only ever given to Abbey
National, when it existed, and have never given it to a third party. It
becomes an easy matter to simply direct any email to this offending
address into a lack hole.

[Fredxx]

On 03/12/2021 00:57, Dave Plowman (News) wrote:
> In article <soavsb$t3t$1...@dont-email.me>,
> jon <j...@mail.com> wrote:
>> On Thu, 02 Dec 2021 08:57:17 +0000, Brian Gaff \(Sofa\) wrote:
>
>>> But did you get the I Phone?
>>> I think I'd have sold it on myself.
>>> Brian
>
>> The catch was a £3 delivery.
>
> I can see why that wouldn't be worth it for an iPhone. ;-)

You are assuming that anyone would send an iPhone. It doesn't take many
people kindly responding to the email and paying the £3.

I can see why scams as so prevalent if some believe after paying £3
they're going to get a phone.

The Nigerian scams are based on the same idea, albeit with more handsome
bounties for the scammers.

There is a saying, if it looks too good to be true it probably is.
Especially for a competition you've never entered.

[#Paul]

John Rumm <see.my.s...@nowhere.null> wrote:
> On 01/12/2021 13:23, Martin Brown wrote:
>
>> You may be better off with a non-ISP email service even if it actually
>> costs money. One day they will discontinue providing it.
>
> Even if you use your ISPs email service, its always more sensible to
> user your own domain to forward messages to it. That way if it is ever
> withdrawn, or turns out to not be good enough, or you simply want to
> change ISP, you get to keep your address, and can seamlessly transition
> to a new provider.

Except, as happened to me and someone else I know, when the
forwarding comes in conflict with SPF, and your ISP silently
deletes them as "forged"[1]. It's quite hard to diagnose why
someone isn't getting (e.g.) the password reset emails from
amazon when they simply never arrive for no discernable reason,
and since you can't log in, you can't change where they get
sent.

https://en.wikipedia.org/wiki/Sender_Policy_Framework

I now grab the emails directly from the domain hosting service.


[1] I think the way it "works" - but I am not sure - is that
once forwarded, the email can look like it is no longer from
the original sender but from the forwarder; thus it looks
the forwarder has (might have) forged an email from the original
sender.


#Paul

[Richard]

Stick your email address in here and see if it's been in a hacked database:
https://haveibeenpwned.com/

and, yes it is safe to use this.

[billy bookcase]

"Richard" <smit...@btinternet.com.invalid> wrote in message
news:socj48$1q8i$1...@gioia.aioe.org...

>
> Stick your email address in here and see if it's been in a hacked database:
> https://haveibeenpwned.com/
>
> and, yes it is safe to use this.

And you know this how exactly ?

Assuming there is a database, then any enquirer who hadn't already
been hacked and spammed will be safe. As the enquirer would
immediately put any new spam down to having visited the site.

However if an enquirer has already been hacked and spammed and
these people know when, then allowing for decent interval if they
then sell on an enquirers email address, there's no way the victim
would know.

Free lunches and all that


bb

[Richard]

On 03/12/2021 08:53, billy bookcase wrote:
> "Richard" <smit...@btinternet.com.invalid> wrote in message
> news:socj48$1q8i$1...@gioia.aioe.org...
>>
>> Stick your email address in here and see if it's been in a hacked database:
>> https://haveibeenpwned.com/
>>
>> and, yes it is safe to use this.
>
> And you know this how exactly ?

Because it is.

>
> Assuming there is a database, then any enquirer who hadn't already
> been hacked and spammed will be safe. As the enquirer would
> immediately put any new spam down to having visited the site.

Perhaps you are unable to understand that not all people are out to get
you. Stop smoking the weed.

>
> However if an enquirer has already been hacked and spammed and
> these people know when, then allowing for decent interval if they
> then sell on an enquirers email address, there's no way the victim
> would know.

Put the bong down.

>
> Free lunches and all that

It is a service which is provided to those who may wish to use it. No
one is forcing anyone to use it.

[Chris Green]

Yes, that's what happens on my main E-Mail too.

> My way round this is to use different email addresses for personal and
> anything I sign up to.
>

I used to do that when I was a bit suspicious about signing up to
something but the 'different' E-Mail addresses have turned up so
infrequently I've stopped bothering.

--
Chris Green
·

[John Rumm]

On 03/12/2021 08:53, billy bookcase wrote:

> "Richard" <smit...@btinternet.com.invalid> wrote in message
> news:socj48$1q8i$1...@gioia.aioe.org...
>>
>> Stick your email address in here and see if it's been in a hacked database:
>> https://haveibeenpwned.com/
>>
>> and, yes it is safe to use this.
>
> And you know this how exactly ?

Because I expect he has done the research like the rest of us?

The site is operated by Troy Hunt, a well known security consultant and
developer and also a Microsoft Regional Director.

https://rd.microsoft.com/en-us/troy-hunt
https://www.linkedin.com/in/troyhunt/

> Assuming there is a database,

There is a massive database. He has collected all of the publicly
available breached data "pastes" from across the darker corners of the
web for years.

[snip conspiracy theory]

[Martin Brown]

SPF is an ill thought out protocol intended to make forgeries more
difficult but has the unfortunate side effect that poorly configured ISP
mail servers and accounts belonging to naive not especially tech savvy
small businesses end up with emails that SPF interprets as forgeries.

Under some circumstances BT servers can treat emails sent from one sort
of BT customer to another sort the resulting email fails to pass the
test. I have seen it and have never been able to pin down why it
happens. They just vanish into the ether leaving the sender with the
impression it has gone and the recipient non the wiser.

It (SPF fails) shows up a lot at this time of year when accountants are
trying to contact their clients about year end tax and vice versa and
things sometimes just disappear. If it is time critical it is as well to
ring and check that it arrived safely since if a server drops it on the
floor you will not get any kind of warning :(

Confused the hell out of my accountant last year when something like
half their clients claimed never to have been reminded. Looking at their
email headers I could understand why but it took some explaining and I
told them to just forward my email to their ISP for them to sort it out.

I'm hoping that this year they won't run into the same brick wall.

SPF is an unholy bodge.

--
Regards,
Martin Brown

[John Rumm]

On 05/12/2021 09:15, Martin Brown wrote:
> On 02/12/2021 23:39, #Paul wrote:
>> John Rumm <see.my.s...@nowhere.null> wrote:
>>> On 01/12/2021 13:23, Martin Brown wrote:
>>>
>>>> You may be better off with a non-ISP email service even if it actually
>>>> costs money. One day they will discontinue providing it.
>>>
>>> Even if you use your ISPs email service, its always more sensible to
>>> user your own domain to forward messages to it. That way if it is ever
>>> withdrawn, or turns out to not be good enough, or you simply want to
>>> change ISP, you get to keep your address, and can seamlessly transition
>>> to a new provider.
>>
>> Except, as happened to me and someone else I know, when the
>> forwarding comes in conflict with SPF, and your ISP silently
>> deletes them as "forged"[1]. It's quite hard to diagnose why
>> someone isn't getting (e.g.) the password reset emails from
>> amazon when they simply never arrive for no discernable reason,
>> and since you can't log in, you can't change where they get
>> sent.

For some reason Paul's post is not showing up on my server, so I well
reply here...

Remember that if you own the domain, then you also have control over SPF
and DKIM records. So you should be able to avoid such problems.

You also control the MX records, so don't have to use the domain hosts
email forwarding facilities if you don't want to.

>> https://en.wikipedia.org/wiki/Sender_Policy_Framework
>>
>> I now grab the emails directly from the domain hosting service.
>>
>>
>> [1] I think the way it "works" - but I am not sure - is that
>>   once forwarded, the email can look like it is no longer from
>>   the original sender but from the forwarder; thus it looks
>>   the forwarder has (might have) forged an email from the original
>>   sender.

The forwarder should check the SPF on the incoming mail. If it then
forwards, and chooses to re-write the header, it should make sure it
does so in accordance with its own SPF records.

> SPF is an ill thought out protocol intended to make forgeries more
> difficult but has the unfortunate side effect that poorly configured ISP
> mail servers and accounts belonging to naive not especially tech savvy
> small businesses end up with emails that SPF interprets as forgeries.

In the case of ISPs perhaps. For many small businesses the default SPF
record is usually no SPF record at all - which is far less harmful than
an incorrectly configured one.

The biggest pain IME, is when you have a number of subcontracted
organisations that you want to be able to send mail on your behalf. You
then need a more complicated record that can designate their mail
servers as legitimate senders of mail for your domain. You can soon run
into the maximum length limits of the record itself, or the number of
DNS lookups required to fully resolve it. And that is before you get the
problems of subcontractors changing their email platform hosting
arrangements and not telling you! (or telling you they are changing on a
particular date and then not actually changing them)

> Under some circumstances BT servers can treat emails sent from one sort
> of BT customer to another sort the resulting email fails to pass the
> test. I have seen it and have never been able to pin down why it
> happens. They just vanish into the ether leaving the sender with the
> impression it has gone and the recipient non the wiser.
>
> It (SPF fails) shows up a lot at this time of year when accountants are
> trying to contact their clients about year end tax and vice versa and
> things sometimes just disappear. If it is time critical it is as well to
> ring and check that it arrived safely since if a server drops it on the
> floor you will not get any kind of warning :(
>
> Confused the hell out of my accountant last year when something like
> half their clients claimed never to have been reminded. Looking at their
> email headers I could understand why but it took some explaining and I
> told them to just forward my email to their ISP for them to sort it out.
>
> I'm hoping that this year they won't run into the same brick wall.
>
> SPF is an unholy bodge.




--

[John Rumm]

On 02/12/2021 09:01, Brian Gaff (Sofa) wrote:

> Yes well, its a lot of trouble to go to to piss off con artists, Best plan
> is just to ignore them.

But where would be the challenge in that?

Anyway it was not about pissing him off - or at least not in a way that
would make him realise I was. I ultimately had his location, IP address,
and the ISP he was using, even the make and model of phone, as well as a
gmail address he was abusing. So I could report those to google and his
ISP. There is a slim chance it might have some minor effect on his
ability to scam going forward if we are lucky.

It also wasted some of his time that was then not being put to use
scamming someone for real.

So unless he reads this group he does not actually know that I was
toying with him - he may just think I was the dumb schmuck who paid £100
for a gift card, but then ruined his chance of getting his hands on it
right at the end by being too helpful :-)