Email addresses read on machines by web sites, how?

[ByTor]

First, if this is not the proper forum than I'll apologize...I have been
to security NG's and it appears no one is responding....go figure.

My question is this......A friend of mine complained to me that he seems
to get an awful lot of "you" know what kind of spam in his email all the
time.....Of course my question to him was denied because I assume you
have to **visit** these sites first....Ooookay!

Obviously these spammers are smart and appear to avoid the various
"bouncers" blacklisters I've recommended....MailWasher Pro being one of
them.

He is using Internet Explorer, Outlook Express & Outlook, latest updates
and all that jazz.....

How do these sites do this? Is there a better software to use to block
this kind of reading? I mean how they hell do they do it?

I appreciate any feedback as he's ready to entirely change his email but
has been using it for years and it would be a shame to re-configure.

Thanks for any help.......

 

[Yves Leclerc]

The problem is that he did not "change" the email address when he posts to
newsgroups. Take a look at mine for an example.

I use Spampal to make the "spam" emails and I just delete them after. It is
NEVER a good thing to "bounce" the email back to eh "spammer" since this
would tell them that they hit a valid email address.

 

[Sharon F]

First, if this is not the proper forum than I'll apologize...I have been
to security NG's and it appears no one is responding....go figure.

My question is this......A friend of mine complained to me that he seems
to get an awful lot of "you" know what kind of spam in his email all the
time.....Of course my question to him was denied because I assume you
have to **visit** these sites first....Ooookay!

Obviously these spammers are smart and appear to avoid the various
"bouncers" blacklisters I've recommended....MailWasher Pro being one of
them.

He is using Internet Explorer, Outlook Express & Outlook, latest updates
and all that jazz.....

How do these sites do this? Is there a better software to use to block
this kind of reading? I mean how they hell do they do it?

I appreciate any feedback as he's ready to entirely change his email but
has been using it for years and it would be a shame to re-configure.

Thanks for any help.......

Many ways for spammers to get addresses. A few:

The majority that I get have a recipient list that appears to have been
generated with a "dictionary" type of progression. Registering software at
a website with a less than pristine privacy policy. Or registering at a
site that has a good policy but then the entire company (and its databases)
are sold to another party.

If you peek at spam with HTML and show images enabled, anything from a full
blown picture to a tiny 1 pixel image will be called from the spammer's
website. You've just validated your email address to the sender and can
look forward to more spam. Plain text email without images is as ugly as
sin (and can be difficult to read) but will not contact any websites.

Many ways for them to get around filters and message rules. As fast as a
hole is plugged in a filter, new ones are found and used.

I think spam is as much a fact of life as junk mail. A new name will reduce
the spam count for a while but it will eventually increase.

Alternative: Create a "junkmail account" for internet use, registering
software, downloading trial products, etc. View a site's privacy policy
before submitting info that requires the inclusion of an email address.

Limit the use of your "real" address for correspondence with friends,
family and other important things. You'll still get spam on this name but
not as much.

 

[ByTor]

The problem is that he did not "change" the email address when he posts to
newsgroups. Take a look at mine for an example.

NG's aren't the prob....He knows this, any knowledgable person would
know NG emails can be scanned with bots.....The initial prob is "porn"
sites...Should have stated that, but my buddy won't admit visiting them,
or someone....

I use Spampal to make the "spam" emails and I just delete them after. It is
NEVER a good thing to "bounce" the email back to eh "spammer" since this
would tell them that they hit a valid email address.

This is true, actually never thought of that in that context....

Thank You.......

 

[Mike Robinson]

NG's aren't the prob....He knows this, any knowledgable person would
know NG emails can be scanned with bots.....The initial prob is "porn"
sites...Should have stated that, but my buddy won't admit visiting them,
or someone....

Umm it dosent matter if its porn spam, toy spam, weight loss spam, viagra
spam they all are harvested from the same places.
You dont have to visit a porn site to get spammed by porn sites!

 

[ByTor]

Many ways for spammers to get addresses. A few:

The majority that I get have a recipient list that appears to have been
generated with a "dictionary" type of progression. Registering software at
a website with a less than pristine privacy policy. Or registering at a
site that has a good policy but then the entire company (and its databases)
are sold to another party.

Oh my buddy, as well as I, are *Very* hesitant registering anywhere. But
I do see your point.....Sort of like a mass mailing company buying
contacts in the regular postal system and companies willing to sell
them....Bas!@#$s....I've actually caught 2 sites that have done that,
traced it back and gave them *FAIR* warning.... ;0)

If you peek at spam with HTML and show images enabled, anything from a full
blown picture to a tiny 1 pixel image will be called from the spammer's
website. You've just validated your email address to the sender and can
look forward to more spam. Plain text email without images is as ugly as
sin (and can be difficult to read) but will not contact any websites.

Many ways for them to get around filters and message rules. As fast as a
hole is plugged in a filter, new ones are found and used.

I've come to realize this as the origin is changed to a mere copy of the
the email being spammed....Slick, slick, slick....Can't respond to those
I suppose.

I think spam is as much a fact of life as junk mail. A new name will reduce
the spam count for a while but it will eventually increase.

Oh for sure........

Alternative: Create a "junkmail account" for internet use, registering
software, downloading trial products, etc. View a site's privacy policy
before submitting info that requires the inclusion of an email address.

Limit the use of your "real" address for correspondence with friends,
family and other important things. You'll still get spam on this name but
not as much.

Sure this is an excellent suggestion and rightly so......But
hypothetically lets say you create an entirely new one, wipe all traces
of your old, never use the new email at all and after viewing a few of
these "unfriendly ugly" sites (should of stated that earlier, I'm sure
you knew what I meant, my friend is denying this) and all of a sudden
boom, spam on the newly created one......I'm wondering if it can just be
read straight from your setup in OE or Outlook......That's where my main
issue lies.........Don't get me wrong I'm not advocating these "type" of
sites or trying to learn how to safely browse them, but they are the
nastiest when it comes to doing things that are not very nice....I just
want to educate myself a little on the possibilities that they may in
fact grabbing your Master email right off your machine.

Thank You Sharon, as usual a fine explanation.... ;0)

 

[ByTor]

Umm it dosent matter if its porn spam, toy spam, weight loss spam, viagra
spam they all are harvested from the same places.
You dont have to visit a porn site to get spammed by porn sites!

I understand this, but it's wildly coincidental that after running an
expirement visiting these sites 20min's later 5 emails of porno to the
master account.....I would say that's rather odd..........

Thanks..........

 

[Michael Solomon \(MS-MVP\)]

Just to clarify a bit, any time you type in an e-mail address anywhere on
the Internet for any purpose you run a risk. It's not only a question of
whether or not the addresses are sold, ads on the site can sometimes hook
into other data, often the webmaster at the site is completely unaware.
Further, they don't have to have sold ads to porn sites, it's possible the
ad seemed perfectly innocuous in that regard.

Personally, I've even grown suspicious of the setup of a new web based
e-mail account. I've heard numerous stories of people who start receiving
spam no sooner than the account is established without ever having used it.
My guess is, the are using a similar routine and they use bots to comb these
sites as well.

Aside from working behind a router and a firewall which really won't protect
you is you use your e-mail address as described, one of the things I do is
establish an e-mail address for the specific purpose of using when I'm
online, registering or doing virtually anything that calls for such an
address. I have a private e-mail address which I never use except with
regard to giving it to individuals.

Also, some ISPs are better about filtering spam than others. Of course,
it's not entirely the ISP's fault. AOL has such a large group of customers,
they are a tantalizing target. With regard to spam filtering, I've had good
success with Earthlink but your mileage may vary.

Finally, there's the issue of the type of address you establish. Most
newbies start their Internet experience by establishing an e-mail address
that is some derivation of their own name. Not only do spammers use Bots,
they have programs that generate random combinations of names and use a
scattershot approach. Then, all they need to do is add "@" and the domain.
Hence, you should use some random alpha-numeric combination and nothing that
even remotely resembles a name or a spammer will pick you up simply by
random chance of creating the right combination, as in, they'll send to
whole combinations of "Smiths," A. Smith, B. Smith, C. Smith, all "@" the
same domain. Now, imagine all the different names, they have a whole host
of possibilities.

From my own point of view, establish a good pop3 e-mail address, test for
awhile, only giving it to your friends but using it nowhere else, then
establish web based address you use for all your sign-in, registration or
whatever e-mail request web activities you have and let that address collect
your spam.

Also, if you have a webpage with your e-mail address listed on the page,
spammers can pick that up as well. If you are experienced in HTML, I
believe there's a way to code that so as to avoid that possibility but most
people with webpages are not coding them, they use the software offered by
the site which is usually a template and if there's a space for "Contact" or
"Contact me," spammers can usually pick that up.

If you go to a porn site, turn your cookies off, in other words, allow none
and right after you leave, to play safe on the General Tab of Internet
Properties, hit Delete Cookies, Delete Files (accept the offer to delete all
offline files) and click "Clear History." Do this after you close the
browser and go nowhere else until you perform that function.

--
In memory of our dear friend, MVP Alex Nichol.

Michael Solomon MS-MVP
Windows Shell/User
https://mvp.support.microsoft.com/communities/mvp.aspx
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

 

[ByTor]

Just to clarify a bit, any time you type in an e-mail address anywhere on
the Internet for any purpose you run a risk. It's not only a question of
whether or not the addresses are sold, ads on the site can sometimes hook
into other data, often the webmaster at the site is completely unaware.
Further, they don't have to have sold ads to porn sites, it's possible the
ad seemed perfectly innocuous in that regard.

Personally, I've even grown suspicious of the setup of a new web based
e-mail account. I've heard numerous stories of people who start receiving
spam no sooner than the account is established without ever having used it.
My guess is, the are using a similar routine and they use bots to comb these
sites as well.

Aside from working behind a router and a firewall which really won't protect
you is you use your e-mail address as described, one of the things I do is
establish an e-mail address for the specific purpose of using when I'm
online, registering or doing virtually anything that calls for such an
address. I have a private e-mail address which I never use except with
regard to giving it to individuals.

Also, some ISPs are better about filtering spam than others. Of course,
it's not entirely the ISP's fault. AOL has such a large group of customers,
they are a tantalizing target. With regard to spam filtering, I've had good
success with Earthlink but your mileage may vary.

Finally, there's the issue of the type of address you establish. Most
newbies start their Internet experience by establishing an e-mail address
that is some derivation of their own name. Not only do spammers use Bots,
they have programs that generate random combinations of names and use a
scattershot approach. Then, all they need to do is add "@" and the domain.
Hence, you should use some random alpha-numeric combination and nothing that
even remotely resembles a name or a spammer will pick you up simply by
random chance of creating the right combination, as in, they'll send to
whole combinations of "Smiths," A. Smith, B. Smith, C. Smith, all "@" the
same domain. Now, imagine all the different names, they have a whole host
of possibilities.

From my own point of view, establish a good pop3 e-mail address, test for
awhile, only giving it to your friends but using it nowhere else, then
establish web based address you use for all your sign-in, registration or
whatever e-mail request web activities you have and let that address collect
your spam.

Here is where I definately started to become aware of what you are
explaining...........This is the part that strikes me.....Some sites
retain typed items in the log in box.....Sort of like dbl clicking in
the google search bar and see the 50 million searches you've ever
done....Even though various cleaners are used to wipe
"Autocomplete"(which I remove check marks from autocomplete to not save
anything) and all that jazz.......I'ts kinda scary but the only sites
that I may use an actual email sign in is Credit Card Payment sites or
others that require an email for sign in.....But those are "supposed to
be secure" and remove an autocomplete type of fill in and not retain
it....Wow, that is scary........But your suggestion on using a junk mail
for even those is a very good one.......

I did a test once way back when when hotmail was first introduced to be
configured in Outlook Express....No sooner did I create a **brand** new
account, went to a dozen or so malicious sites, 30 min later it was
flooded with porn....Geeeeez! I've had an account with Hotmail for years
on the web page and maybe seen two spams for porn......That was scary,
almost as if they reached in to the machine & plucked out the new email
account...........

Also, if you have a webpage with your e-mail address listed on the page,
spammers can pick that up as well. If you are experienced in HTML, I
believe there's a way to code that so as to avoid that possibility but most
people with webpages are not coding them, they use the software offered by
the site which is usually a template and if there's a space for "Contact" or
"Contact me," spammers can usually pick that up.

If you go to a porn site, turn your cookies off, in other words, allow none
and right after you leave, to play safe on the General Tab of Internet
Properties, hit Delete Cookies, Delete Files (accept the offer to delete all
offline files) and click "Clear History." Do this after you close the
browser and go nowhere else until you perform that function.

Thank You Michael, I found this very educating............

 

[Michael Solomon \(MS-MVP\)]

You're welcome, good luck.

--
In memory of our dear friend, MVP Alex Nichol.

Michael Solomon MS-MVP
Windows Shell/User
https://mvp.support.microsoft.com/communities/mvp.aspx
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/