Concern re spam emails

[Sami]

I have an email address which I only use for eBay and Paypal.

I recently ordered some goods online from a UK based company (they also have
an eBay site), which required payment by Paypal. The transaction was
completed, involving, of course, that particular email address.

Since then, it's been nothing but spam galore, some of the emails being
addressed 'from' and to my address... can anybody enlightened me as to
what's happened here? How can bots and harvesters obtain an email address
from what I thought was a secure transaction?

Thanks.

(Please excuse my naviety! Hope this isn't too OT))

 

[VanguardLH]

I have an email address which I only use for eBay and Paypal.

I recently ordered some goods online from a UK based company (they also have
an eBay site), which required payment by Paypal. The transaction was
completed, involving, of course, that particular email address.

Since then, it's been nothing but spam galore, some of the emails being
addressed 'from' and to my address... can anybody enlightened me as to
what's happened here? How can bots and harvesters obtain an email address
from what I thought was a secure transaction?

Thanks.

(Please excuse my naviety! Hope this isn't too OT))

When you received an e-mail from that seller, did you receive it in an
e-mail client or did you see it in the Messages section of your eBay
account when you used a web browser to access your account up on the
server?

If you received e-mail from the seller in a local e-mail client then
perhaps you replied to that sender. That means they got the e-mail
address that was specified in the e-mail account you used for replying
from your e-mail client. When you get those eBay e-mails, there is a
link (that looks like a button) that you click to reply. This opens
your web browser whereupon you log into your eBay account and use THEIR
message center to send your e-mails (there might also be a checkbox to
NOT show your e-mail address to the seller).

You do NOT want to reply using your e-mail client. The sender sent a
message to an eBay user involved in the transaction which they are
permitted to do. They probably sent it using the Messages feature of
their eBay account (when using a web browser to access their eBay
account). If you had replied to them also using the Messages feature of
eBay then your e-mail address would have remained private. However, if
you reply to the e-mail using your own local e-mail client then the
seller sees all the same information in your e-mails as would any other
recipient of e-mails sent by your local e-mail client.

If you want to hide, use eBay's Messages feature to reply to e-mails.
That is, log into your eBay account and check your messages there, and
reply to there from there. As I recall, there is a checkbox in the web
form (when using eBay's Messages) to hide your e-mail address. Make
sure it is selected so you don't reveal the e-mail that you recorded in
your eBay account.

Since you only use and divulge a unique e-mail address for your eBay
account then you probably know who caused the spamming. However, eBay
won't know because they cannot determine that you never divulged your
e-mail address to some other party in a prior auction. Just because the
spamming started now doesn't prove it was caused by a particular person
you dealt with at eBay. Spam comes and goes. When you received spam
before, was it then because the moon was full or due to some planetary
alignment?

So what does your e-mail address look like? Is it something like
<myname>@<domain>? Well, anyone can attack that account with spam.
It's a simple dictionary lookup to pile together various first and last
names to construct a username, and domains are public information plus
you are probably using a popular and often spammed one. An e-mail
address like (e-mail address removed) could be targeted by using w and e
initials and appending the lastname kirch. The spambots are not likely
to attack an e-mail address of (e-mail address removed) (but then
its not a username that you or others will easily remember, either). If
you are going to create a unique e-mail address for use by just entity
or for just one purpose then don't use a username that is easily
compiled by slapping together initials, names, and just add a number or
two at the end.

That you just participated in an eBay transaction and now start getting
more spam than you did before is not proof that the spam was instigated
by the other party in the recent auction. Spam happens. It happens at
irregular intervals. Changing your eBay userID would result in losing
any accumulated feedback (reputation) but you should be able to change
your e-mail address in your eBay account (as long as there are no
pending transactions).

 

[1PW]

When you received an e-mail from that seller, did you receive it in an
e-mail client or did you see it in the Messages section of your eBay
account when you used a web browser to access your account up on the
server?

If you received e-mail from the seller in a local e-mail client then
perhaps you replied to that sender. That means they got the e-mail
address that was specified in the e-mail account you used for replying
from your e-mail client. When you get those eBay e-mails, there is a
link (that looks like a button) that you click to reply. This opens
your web browser whereupon you log into your eBay account and use THEIR
message center to send your e-mails (there might also be a checkbox to
NOT show your e-mail address to the seller).

You do NOT want to reply using your e-mail client. The sender sent a
message to an eBay user involved in the transaction which they are
permitted to do. They probably sent it using the Messages feature of
their eBay account (when using a web browser to access their eBay
account). If you had replied to them also using the Messages feature of
eBay then your e-mail address would have remained private. However, if
you reply to the e-mail using your own local e-mail client then the
seller sees all the same information in your e-mails as would any other
recipient of e-mails sent by your local e-mail client.

If you want to hide, use eBay's Messages feature to reply to e-mails.
That is, log into your eBay account and check your messages there, and
reply to there from there. As I recall, there is a checkbox in the web
form (when using eBay's Messages) to hide your e-mail address. Make
sure it is selected so you don't reveal the e-mail that you recorded in
your eBay account.

Since you only use and divulge a unique e-mail address for your eBay
account then you probably know who caused the spamming. However, eBay
won't know because they cannot determine that you never divulged your
e-mail address to some other party in a prior auction. Just because the
spamming started now doesn't prove it was caused by a particular person
you dealt with at eBay. Spam comes and goes. When you received spam
before, was it then because the moon was full or due to some planetary
alignment?

So what does your e-mail address look like? Is it something like
<myname>@<domain>? Well, anyone can attack that account with spam.
It's a simple dictionary lookup to pile together various first and last
names to construct a username, and domains are public information plus
you are probably using a popular and often spammed one. An e-mail
address like (e-mail address removed) could be targeted by using w and e
initials and appending the lastname kirch. The spambots are not likely
to attack an e-mail address of (e-mail address removed) (but then
its not a username that you or others will easily remember, either). If
you are going to create a unique e-mail address for use by just entity
or for just one purpose then don't use a username that is easily
compiled by slapping together initials, names, and just add a number or
two at the end.

That you just participated in an eBay transaction and now start getting
more spam than you did before is not proof that the spam was instigated
by the other party in the recent auction. Spam happens. It happens at
irregular intervals. Changing your eBay userID would result in losing
any accumulated feedback (reputation) but you should be able to change
your e-mail address in your eBay account (as long as there are no
pending transactions).

I totally agree with all you've sent. I'd only add that the OP's unique
eBay/PayPal email address may simply have been skimmed & sold to
spammers as another small contribution to one's revenue stream. The
advice to terminate /that/ email address is golden.

I even go as far as to have a /disposable/ email address on another ISP.
Although that helps, eventually the spammers will probably stop anyway.

Pete

 

[Dave Cohen]

I have an email address which I only use for eBay and Paypal.

I recently ordered some goods online from a UK based company (they also have
an eBay site), which required payment by Paypal. The transaction was
completed, involving, of course, that particular email address.

Since then, it's been nothing but spam galore, some of the emails being
addressed 'from' and to my address... can anybody enlightened me as to
what's happened here? How can bots and harvesters obtain an email address
from what I thought was a secure transaction?

Thanks.

(Please excuse my naviety! Hope this isn't too OT))

Despite what you may read in these posts (and I don't mean this to imply
that I disagree with them), there really isn't a full proof way to
prevent spam. If there were, it would be published and we would all be
spam free, much as most of us can remain virus free.
I've used PayPal and that didn't seem to cause a problem, although
PayPal itself occasionally sends me stuff.
I was spam free on my Hotmail account for the longest time then started
getting a rash of stuff, I'm pretty sure that originated from a single
online transaction. On the other hand, my Verizon account has been clean
even though that's the one I share with friends.
Since I need to monitor a number of accounts, I use Mailwasher. This
also serves as an excellent filter. If you only need one account, the
free version is quite adequate and that's the best way I know to control
this nuisance. I suppose since spam has been around for ages, there must
be people out dumb enough to respond and that's what keeps it going.
Dave Cohen

 

[Stephen Wolstenholme]

I have an email address which I only use for eBay and Paypal.

I recently ordered some goods online from a UK based company (they also have
an eBay site), which required payment by Paypal. The transaction was
completed, involving, of course, that particular email address.

Since then, it's been nothing but spam galore, some of the emails being
addressed 'from' and to my address... can anybody enlightened me as to
what's happened here? How can bots and harvesters obtain an email address
from what I thought was a secure transaction?

I have been running a business using Paypal for years and I have never
had a problem with spam. If your address has been discovered by some
spammer it will almost certainly be the "UK based company" that
revealed the address. Ebay and Paypal do not make the email address
easy to find but some companies who use Paypal are far from secure.

Steve

 

[Sami]

I have been running a business using Paypal for years and I have never
had a problem with spam. If your address has been discovered by some
spammer it will almost certainly be the "UK based company" that
revealed the address. Ebay and Paypal do not make the email address
easy to find but some companies who use Paypal are far from secure.

Steve

I agree, Steve, I've used Paypal many times in the past and never
encountered the spam problem before.

Sami

 

[Sami]

When you received an e-mail from that seller, did you receive it in an
e-mail client or did you see it in the Messages section of your eBay
account when you used a web browser to access your account up on the
server?

The transaction wasn't made via eBay - I ordered the goods from the
company's website itself. Payment was by Paypal, so I clicked on the
'Paypal' icon, this took me to their site; I logged in using the email
address in question, and made the payment. On completion, I was directed
back to the company's website, which showed my email address, transaction
ID, payment made etc.. I later received an email confirmation which arrived
through my email client.

If you received e-mail from the seller in a local e-mail client then
perhaps you replied to that sender. That means they got the e-mail
address that was specified in the e-mail account you used for replying
from your e-mail client. When you get those eBay e-mails, there is a
link (that looks like a button) that you click to reply. This opens
your web browser whereupon you log into your eBay account and use THEIR
message center to send your e-mails (there might also be a checkbox to
NOT show your e-mail address to the seller).

Had I made the transaction via eBay I would've done so, thanks.

You do NOT want to reply using your e-mail client. The sender sent a
message to an eBay user involved in the transaction which they are
permitted to do. They probably sent it using the Messages feature of
their eBay account (when using a web browser to access their eBay
account). If you had replied to them also using the Messages feature of
eBay then your e-mail address would have remained private. However, if
you reply to the e-mail using your own local e-mail client then the
seller sees all the same information in your e-mails as would any other
recipient of e-mails sent by your local e-mail client.

If you want to hide, use eBay's Messages feature to reply to e-mails.
That is, log into your eBay account and check your messages there, and
reply to there from there. As I recall, there is a checkbox in the web
form (when using eBay's Messages) to hide your e-mail address. Make
sure it is selected so you don't reveal the e-mail that you recorded in
your eBay account.

Since you only use and divulge a unique e-mail address for your eBay
account then you probably know who caused the spamming. However, eBay
won't know because they cannot determine that you never divulged your
e-mail address to some other party in a prior auction. Just because the
spamming started now doesn't prove it was caused by a particular person
you dealt with at eBay. Spam comes and goes. When you received spam
before, was it then because the moon was full or due to some planetary
alignment?

So what does your e-mail address look like? Is it something like
<myname>@<domain>? Well, anyone can attack that account with spam.
It's a simple dictionary lookup to pile together various first and last
names to construct a username, and domains are public information plus
you are probably using a popular and often spammed one. An e-mail
address like (e-mail address removed) could be targeted by using w and e
initials and appending the lastname kirch. The spambots are not likely
to attack an e-mail address of (e-mail address removed) (but then
its not a username that you or others will easily remember, either). If
you are going to create a unique e-mail address for use by just entity
or for just one purpose then don't use a username that is easily
compiled by slapping together initials, names, and just add a number or
two at the end.

That you just participated in an eBay transaction and now start getting
more spam than you did before is not proof that the spam was instigated
by the other party in the recent auction. Spam happens. It happens at
irregular intervals. Changing your eBay userID would result in losing
any accumulated feedback (reputation) but you should be able to change
your e-mail address in your eBay account (as long as there are no
pending transactions).

Thanks for the info.

 

[Sami]

Despite what you may read in these posts (and I don't mean this to imply
that I disagree with them), there really isn't a full proof way to prevent
spam. If there were, it would be published and we would all be spam free,
much as most of us can remain virus free.
I've used PayPal and that didn't seem to cause a problem, although PayPal
itself occasionally sends me stuff.
I was spam free on my Hotmail account for the longest time then started
getting a rash of stuff, I'm pretty sure that originated from a single
online transaction. On the other hand, my Verizon account has been clean
even though that's the one I share with friends.
Since I need to monitor a number of accounts, I use Mailwasher. This also
serves as an excellent filter. If you only need one account, the free
version is quite adequate and that's the best way I know to control this
nuisance. I suppose since spam has been around for ages, there must be
people out dumb enough to respond and that's what keeps it going.
Dave Cohen

Thanks Dave, I think I'll look into Mailwasher.

 

[Kenneth]

Thanks Dave, I think I'll look into Mailwasher.

Howdy,

I've not read the whole thread, but...

I used Mailwasher for a while, and then found something far
better.

You might want to check:

http://spambayes.sourceforge.net/download.html

The produce is Spambayes, and I have used it on many
machines for years.

It works flawlessly.

All the best,

 

[VanguardLH]

Any store that requires me, the buyer, to go to their site to then use
PayPal is violating the purpose of advertising PayPal in their eBay
auction. If you don't use eBay's own link to PayPal to pay the seller,
you are not covered by eBay's Buyer Protection. The store has their
PayPal account but you are not going through eBay to complete the
auction if the seller demands that you go to their site.

Anyone can open a PayPal account, including stores, you, me, your
mother, or whomever. That does NOT afford any of the protections
offered to buyers of auctions at eBay unless the buyer uses eBay to
complete the auction. If an auction tells you to wait for their e-mail
to tell you how to complete the auction or leads you off to their site
to complete the auction then I don't bid with that seller. They are
deliberately leading you away from eBay and away from the protections
afforded by using eBay.

https://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_pbp-outside#pbp-policy

13 Protection for Buyers
13.1 How am I protected if I have a problem with a purchase?
PayPal has two programs to help protect you:
- PayPal Buyer Protection (for eligible items purchased on eBay)
- PayPal Buyer Complaint Policy (for all other items purchased on or
off eBay)

Well, if you get drawn away from the auction page at eBay (or don't use
the eBay link in the e-mail they send you) then you're stuck under the
2nd option above. You're not going through eBay to finalize the
transaction because you didn't use eBay's PayPal button.

There is an ulterior motive for store sellers to route you through their
web site (or use their link in an e-mail they send you) instead of
clicking on the Pay Now button (for PayPal) in eBay's auction page or
using the link in eBay's e-mail. They want the order going through
their own ordering and tracking system. Yes, you are paying for the
item to a PayPal account for the seller. No, you are not completing the
auction and initiating payment for it through eBay.

I did find some rather interesting (i.e., disturbing) information at
eBay's site: http://pages.ebay.com/help/sell/email-buyer.html. Note
where it says, "Note: You can edit your own email address by clicking
the "Edit" link. You can edit the buyer's email address through the
sales record." So apparently eBay may provide the buyer's e-mail
address through some sales record.

I looked at a recent auction of mine and looked under View Order
Details. While the buyer's shipping address was shown, there was no
e-mail address for the buyer. It could be eBay divulges the buyer's
e-mail address for those sellers that operate a presence by using an
eBay Store. I followed the navigation mentioned at
http://pages.ebay.com/help/sell/email-marketing-measuring-success.html
but there was no "Email Marketing" link which leads me to believe that
having (paying) for an eBay Store presence gives you the option of
looking at whatever that e-mail data contains.

If you believe the seller compromised your e-mail address, open a
complaint with eBay. Obviously the seller wants to use eBay as a
presence for selling their wares. If eBay contacts them and perhaps
decides to terminate their account, this seller may rethink their
practices. You could also ask them if eBay Stores are allowed to see
your e-mail address (as indicated above in the Marketing Tools and the
record supplied to the seller).

 

[VanguardLH]

Howdy,

I've not read the whole thread, but...

I used Mailwasher for a while, and then found something far
better.

You might want to check:

http://spambayes.sourceforge.net/download.html

The produce is Spambayes, and I have used it on many
machines for years.

It works flawlessly.

All the best,

Mailwasher uses blacklists (for which they never donate any monies to
support) and, I believe, some rules. I don't recall if Mailwasher
included Bayesian prediction of possible spam. SpamBayes is just
Bayesian detection (i.e., a guessing game). It is sensitive to the
volume of your e-mails and isn't useful for "new" spam which uses
keywords that are not in the Bayes history or have long expired.
SpamPal (free) uses both blacklists and Bayesian detection.

I'd suggest the OP first check if spam filtering is enabled up on their
account on the server by using the webmail interface to their account to
look at its options.

 

[Kenneth]

Mailwasher uses blacklists (for which they never donate any monies to
support) and, I believe, some rules. I don't recall if Mailwasher
included Bayesian prediction of possible spam. SpamBayes is just
Bayesian detection (i.e., a guessing game). It is sensitive to the
volume of your e-mails and isn't useful for "new" spam which uses
keywords that are not in the Bayes history or have long expired.
SpamPal (free) uses both blacklists and Bayesian detection.

I'd suggest the OP first check if spam filtering is enabled up on their
account on the server by using the webmail interface to their account to
look at its options.

Hello again,

To suggest that a Bayesian algorithm is merely a "guessing
game" is absurd.

SpamBayes examines two piles of messages, one that the user
considers "good" and the other "spam" and from that "learns"
the criteria that were in use.

Mine has NEVER characterized as spam a message that I wanted
to keep, and has over theses many years left in my Inbox no
more than a handful that I consider spam.

All the best,

 

[VanguardLH]

Hello again,

To suggest that a Bayesian algorithm is merely a "guessing
game" is absurd.

SpamBayes examines two piles of messages, one that the user
considers "good" and the other "spam" and from that "learns"
the criteria that were in use.

Mine has NEVER characterized as spam a message that I wanted
to keep, and has over theses many years left in my Inbox no
more than a handful that I consider spam.

All the best,

I know how the Bayesian scheme works by weighting words and storing them
in a database. Just what do YOU think is the "learning" process used?
Using statistics to judge whether or not an e-mail is ham or spam is
still making a guess. If the scheme were absolutely accurate (no
guessing) then everyone would use it and spam would immediately cease
everywhere. Statistical filtering is still a guessing scheme. I, too,
use Bayesian filters for years but I never lied to myself how it works.
A best guess (even with supporting statistics to compute probability) is
still a guess.

Rather than judge that Bayesian is so accurate as you describe, the OP
should go read up on how that scheme functions. Personal experiences
are of little value since the history of e-mails experienced by one user
is not the same as another. While most such filters include a
"learning" period, Bayesian is always learning. That's how the scheme
works.

http://en.wikipedia.org/wiki/Bayesian_spam_filtering
http://www.nationmaster.com/encyclopedia/Bayesian-decision-theory
http://www.paulgraham.com/spam.html
http://www.webopedia.com/TERM/B/Bayesian_filter.html

Don't mislead the OP into thinking Bayesian filtering is perfect. Often
is it insufficient as the only means of detecting spam but that depends
entirely on your particular history of receiving spam, if the spam
targets your filter to poison it (if you don't define a "floor" or
expiry on the records in your database), and so on. Few users know how
to best configure their Bayesian filter based on the e-mail traffic they
receive (which includes both ham and spam) provided the filter even lets
the user do any tweaks and has sufficient tweaks.

Bayesian is powerless against attachments to e-mail because those are
MIME encoded sections inside the body of the e-mail. The MIME part
would need to be decoded before it can be parsed on word boundaries or
strings before its historical records of past decisions and the computed
probability can be applied against the attached content. Spam that is
attached to an e-mail as a .gif or .pdf file will circumvent Bayesian
filters.

If you want proof that Bayesian filters are guessing schemes, name one
that doesn't let the user reclassify their e-mails to change ham to spam
(false negative) and spam to ham (false positive). It can guess wrong
and reclassification updates the database to weight the words towards
one end of the probability computation. Without reclassification,
you're stuck losing or having to recover good e-mails and with spam that
leaks past the filter.

 

[Kenneth]

I know how the Bayesian scheme works by weighting words and storing them
in a database. Just what do YOU think is the "learning" process used?
Using statistics to judge whether or not an e-mail is ham or spam is
still making a guess. If the scheme were absolutely accurate (no
guessing) then everyone would use it and spam would immediately cease
everywhere. Statistical filtering is still a guessing scheme. I, too,
use Bayesian filters for years but I never lied to myself how it works.
A best guess (even with supporting statistics to compute probability) is
still a guess.

Rather than judge that Bayesian is so accurate as you describe, the OP
should go read up on how that scheme functions. Personal experiences
are of little value since the history of e-mails experienced by one user
is not the same as another. While most such filters include a
"learning" period, Bayesian is always learning. That's how the scheme
works.

http://en.wikipedia.org/wiki/Bayesian_spam_filtering
http://www.nationmaster.com/encyclopedia/Bayesian-decision-theory
http://www.paulgraham.com/spam.html
http://www.webopedia.com/TERM/B/Bayesian_filter.html

Don't mislead the OP into thinking Bayesian filtering is perfect. Often
is it insufficient as the only means of detecting spam but that depends
entirely on your particular history of receiving spam, if the spam
targets your filter to poison it (if you don't define a "floor" or
expiry on the records in your database), and so on. Few users know how
to best configure their Bayesian filter based on the e-mail traffic they
receive (which includes both ham and spam) provided the filter even lets
the user do any tweaks and has sufficient tweaks.

Bayesian is powerless against attachments to e-mail because those are
MIME encoded sections inside the body of the e-mail. The MIME part
would need to be decoded before it can be parsed on word boundaries or
strings before its historical records of past decisions and the computed
probability can be applied against the attached content. Spam that is
attached to an e-mail as a .gif or .pdf file will circumvent Bayesian
filters.

If you want proof that Bayesian filters are guessing schemes, name one
that doesn't let the user reclassify their e-mails to change ham to spam
(false negative) and spam to ham (false positive). It can guess wrong
and reclassification updates the database to weight the words towards
one end of the probability computation. Without reclassification,
you're stuck losing or having to recover good e-mails and with spam that
leaks past the filter.

Hi again,

Your response brought a smile, and I thank you for that...

If you read what I have written, you will see that I merely
said that I have found MailWasher to be far less useful than
SpamBayes, and then explained my experiences.

There is the possibility that the OP will find that of
interest.

You will have to argue with someone else.

All the best,

 

[Dave Cohen]

Hi again,

Your response brought a smile, and I thank you for that...

If you read what I have written, you will see that I merely
said that I have found MailWasher to be far less useful than
SpamBayes, and then explained my experiences.

There is the possibility that the OP will find that of
interest.

You will have to argue with someone else.

All the best,

I think my reference to Mailwasher might have misled you all. My primary
reason for installing Mailwasher Pro is because I need to monitor a
number of accounts. One is my primary Verizon account and the others are
Hotmail accounts. Using Mailwasher is a lot more convenient than logging
into those accounts, I can monitor the mail, delete from server etc.
Very convenient. That it also marks messages as possible spam is an
incidental plus in my case and could be useful as a primary spam monitor
for others, but the alternatives should also be considered.
Dave Cohen
Dave Cohen

 

[FromTheRafters]

To suggest that a Bayesian algorithm is merely a "guessing
game" is absurd.

What is it then?

 

[VanguardLH]

What is it then?

He probably prefers to mask it behind "statistical filtering". Makes it
sound better.

 

[FromTheRafters]

He probably prefers to mask it behind "statistical filtering". Makes
it
sound better.

When I think of Bayes, I think of Three Card Monty or the Shell Game
with a twist. What is it, if not a guessing game?