postings here using real name lead to abuse by spammers : slightly ot ?

Bill Woodruff

I have, in the past, felt it a point of honor in posting on the public MS server groups, like this one, to use my real name, and my
real e-mail address, but lately e-mail messages by the hundreds are being sent out by spammers with fake headers so they look like
they come from my domain name. Sometimes these appear to have actually originated in Korea, sometimes in Europe.

If you have received one of these, I apologize. If anyone has any ideas what you can do to prevent being "joe jobbed," I'd love to
hear them.

I am under the impression that the typical ways of semi-disguising signing an e-mail involving letter substitution, or spelling out
dot, don't work these days.

thanks, Bill Woodruff
dotScience
Chiang Mai, Thailand
 
Nicholas Paldino [.NET/C# MVP]

Bill,

Join the club. I've been getting a number of invalid mailbox
notifications because some guy decided to use my domain name to send out
spam. I've been considering getting a certificate from Verisign just so
that I can attach it to all of my correspondence to indicate that the mail
that comes from me is actually from me.

I used to post my real email address, but I stopped that long ago. Not
long enough to make the problem go away (I get about 250 spam mails a day),
but it did stem the tide a little bit.

--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Floyd Burger

Bill,
I use my real name, but use a fake address from a newsreader that only has
this profile defined. I've had too many accidents where the newsreader
would put the wrong reply-to address in the message. The way I see it, if I
answer someone in a public newsgroup, or if I ask a question in a public
newsgroup, then the conversation should stay in the public newsgroup. If
someone wants to talk to me, or if I want someone to email me, I'll paste a
PNG or GIF image with my email address drawn on it, or paste an ASCII-art
rendition of my address. I have yet to see an address harvester read an
image or decipher an ASCII-art address.

--
Floyd Burger


Bob Powell [MVP]

Munge your e-mail to fend off the robots and use a good spam tool. I
recommend MailWasher.

--
Bob Powell [MVP]
Visual C#, System.Drawing

Image transition effects, snap-to-grid and Layered Windows are
all discussed in May's edition of Well Formed for C# or VB programmers
http://www.bobpowell.net/currentissue.htm

Answer those GDI+ questions with the GDI+ FAQ
http://www.bobpowell.net/gdiplus_faq.htm

The GDI+ FAQ RSS feed: http://www.bobpowell.net/faqfeed.xml
Windows Forms Tips and Tricks RSS: http://www.bobpowell.net/tipstricks.xml
Bob's Blog: http://bobpowelldotnet.blogspot.com/atom.xml






Jon Skeet [C# MVP]

Nicholas Paldino said:
Join the club. I've been getting a number of invalid mailbox
notifications because some guy decided to use my domain name to send out
spam. I've been considering getting a certificate from Verisign just so
that I can attach it to all of my correspondence to indicate that the mail
that comes from me is actually from me.

I used to post my real email address, but I stopped that long ago. Not
long enough to make the problem go away (I get about 250 spam mails a day),
but it did stem the tide a little bit.

The way I see it, you can't really do anything public and not receive
enough spam to require automated cleanup unless you make sure that
*everywhere* you leave your email address, you obfuscate it somehow. I
prefer to take the one-time hit of setting up spam removal and then
publish my email address wherever I like than make it difficult for the
various people who want to get in touch with me to do so.

I use the Spambayes Outlook plugin, and it catches almost all the spam
I get (which is a considerable amount).
 
Ken Allen

How does one go about "munging" their email address and still receive
notifications?
 
Nicholas Paldino [.NET/C# MVP]

Jon,

The bigger point that I am trying to get at is that the protocol itself
is crumbling under its own weight now. Personally, I use Cloudmark's
Spamnet, and it does a pretty good job (although people are now marking
delivery failures as spam, which is pretty sad).

Personally, I think that email should be replaced with web services
which provide the same functionality. If I don't want email from
unsolicited sources (people who don't have certificates, or can't identify
themselves in some way), then I just set up WS-Policy to reject it.
WS-ReliableMessaging will ensure that the message gets through, WS-Security
guarantees that the message is not tampered with, MTOM for attachments,
etc, etc. Everything we need is right there, we just have to get people who
want to send messages interested in being authenticated (which is no small
task).

In reality, that's the biggest issue, getting people who are sending
messages authenticated.
 
Nicholas Paldino [.NET/C# MVP]

Ken,

The idea is that if you want to contact the person, you will look and be
able to determine from what you see what the address should be. For
example, if the email address was:

(e-mail address removed)

Then you should be able to tell that the real email address is myemail
(at) hotmail (dot) com (I hope someone doesn't have that address, haha).
The idea is to present an email address that a human can decipher, but is
difficult to program logic against.
 
Ignacio Machin ( .NET/ C# MVP )

Hi Bill,


Obfuscate your email in such a way that a person can read it and be able to
decode but that is difficult for a bot to realize that it's an email
address.

Creativity is the only tool combined with a good spam filter.

There is nothing else you can do :(

Cheers,

--
Ignacio Machin,
ignacio.machin AT dot.state.fl.us
Florida Department Of Transportation

Jon Skeet [C# MVP]

Nicholas Paldino said:
The bigger point that I am trying to get at is that the protocol itself
is crumbling under its own weight now. Personally, I use Cloudmark's
Spamnet, and it does a pretty good job (although people are now marking
delivery failures as spam, which is pretty sad).

Personally, I think that email should be replaced with web services
which provide the same functionality. If I don't want email from
unsolicited sources (people who don't have certificates, or can't identify
themselves in some way), then I just set up WS-Policy to reject it.
WS-ReliableMessaging will ensure that the message gets through, WS-Security
guarantees that the message is not tampered with, MTOM for attachments,
etc, etc. Everything we need is right there, we just have to get people who
want to send messages interested in being authenticated (which is no small
task).

In reality, that's the biggest issue, getting people who are sending
messages authenticated.

While I certainly agree that SMTP in its current form isn't the future,
I disagree about the best policy for the moment. Once you've started
receiving a significant amount of spam, you definitely need it filtered
automatically. If you've already reached that stage, I see no point in
combining the disadvantages of munging your email address with the
disadvantages of getting spam - to me, 250 messages is as bad as 1000
messages, in that it's "too much to do by hand".
 
J.Marsch

I'm with you, I never publish my real email address on newsgroups. Another
thing that I've found useful: I use two email addresses. The first one is
the one that I give out to friends, legitimate business partners
(customers), etc. I use the second one on any web site that wants an email
registration -- anything from login registrations to purchases, etc. I have
an outlook rule that shoots anything from that second email address into a
junk mail folder. 99% of what goes in there is junk (I do have to sift
through for the occasional purchase receipt, etc). Meanwhile, my "real"
email address is almost spam free because so few people have it.


Jon Skeet [C# MVP]

J.Marsch said:
I'm with you, I never publish my real email address on newsgroups. Another
thing that I've found useful: I use two email addresses. The first one is
the one that I give out to friends, legitimate business partners
(customers), etc. I use the second one on any web site that wants an email
registration -- anything from login registrations to purchases, etc. I have
an outlook rule that shoots anything from that second email address into a
junk mail folder. 99% of what goes in there is junk (I do have to sift
through for the occasional purchase receipt, etc). Meanwhile, my "real"
email address is almost spam free because so few people have it.

How is that better than having one email address which is almost spam
free due to decent filtering, along with *not* having to sift through
for purchase receipts, and making it easy for real people to get in
touch with you if they want to?
 
J.Marsch

I guess the main reason that I haven't used SPAM filters is that I got
burned by some early ones (deleting mail that wasn't spam). In my case, I
was in the process of refinancing my home, and the SPAM filter deleted all
the emails that my mortgage lender was trying to send me. At the time, I
didn't know why I wasn't getting the mail, it took experimenting with
turning off the filter to find that it was the culprit. In another case, I
was working on a setup issue with an application, and the setup tool's tech
support couldn't send email to me -- turned out to be the SPAM filter again.
Since then, I just really don't trust SPAM filters to delete mail for me.

So I suppose that the bottom line for me is that I won't trust a SPAM filter
to delete mail for me. Therefore, I would only use SPAM filtering to
segregate mail into separate folders for review. By having a protected
email address, I can have more confidence that what goes into the junk
folder is really junk.

I guess it's philosophical for me. I don't believe in "intelligent"
software. The P4 CPU is unable to match the intelligence and complexity of
the brain in your average bunny rabbit. So any software that is truly
intelligent shouldn't have the clock power (running on a P4) to be able to
make a decision in my lifetime.

I'm cool with white lists and black lists, and "teaching" a computer through
absolute rules. But when it comes to the gray areas, you need intelligence
to solve the problem, and I prefer to leave that to a human.
 
Jon Skeet [C# MVP]

J.Marsch said:
I guess the main reason that I haven't used SPAM filters is that I got
burned by some early ones (deleting mail that wasn't spam). In my case, I
was in the process of refinancing my home, and the SPAM filter deleted all
the emails that my mortgage lender was trying to send me. At the time, I
didn't know why I wasn't getting the mail, it took experimenting with
turning off the filter to find that it was the culprit. In another case, I
was working on a setup issue with an application, and the setup tool's tech
support couldn't send email to me -- turned out to be the SPAM filter again.
Since then, I just really don't trust SPAM filters to delete mail for me.

So I suppose that the bottom line for me is that I won't trust a SPAM filter
to delete mail for me. Therefore, I would only use SPAM filtering to
segregate mail into separate folders for review. By having a protected
email address, I can have more confidence that what goes into the junk
folder is really junk.

I guess it's philosophical for me. I don't believe in "intelligent"
software. The P4 CPU is unable to match the intelligence and complexity of
the brain in your average bunny rabbit. So any software that is truly
intelligent shouldn't have the clock power (running on a P4) to be able to
make a decision in my lifetime.

I'm cool with white lists and black lists, and "teaching" a computer through
absolute rules. But when it comes to the gray areas, you need intelligence
to solve the problem, and I prefer to leave that to a human.

Well, I don't think Spambayes would claim to be intelligent, but it
does a very good job on my mailbox. Every time I've had a look through
the things it reckons are *definitely* spam, they all are. I look
through my "probable spam" folder manually, and that gets about 20
messages a day, maybe one of which isn't spam. (That's not a problem to
do.)

This means I don't need to make it hard for people to get in touch with
me about my articles, etc.
 
J.Marsch

I have to say, that's a pretty good track record. If I were making a lot of
public posts -- articles and such as you are, I can see how I would have to
go down the filter route. As it is, my only public posts are on the NG,
which can be replied publicly. If it does that good a job of filtering your
inbox, maybe I'll have to give it a try.
 
Jon Skeet [C# MVP]

J.Marsch said:
I have to say, that's a pretty good track record. If I were making a lot of
public posts -- articles and such as you are, I can see how I would have to
go down the filter route. As it is, my only public posts are on the NG,
which can be replied publicly. If it does that good a job of filtering your
inbox, maybe I'll have to give it a try.

It's definitely worth a try - but you have to give it a bit of time, as
it gets better the more spam and ham it knows about. If you happen to
have a load of spam you've previously received, that's a very good
start.
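
Added example, not part of the thread and not SpamBayes code: a simplified naive Bayes filter showing the approach the last few posts discuss, where mail is filed as ham, unsure or spam rather than deleted, and the verdicts improve as more spam and ham is trained. The class name, the cutoffs and the sample messages are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Assumed cutoffs for this example: score <= 0.20 is ham, >= 0.90 is spam.
HAM_CUTOFF, SPAM_CUTOFF = 0.20, 0.90

def tokenize(text):
    """Lower-case word tokens; each token counts once per message."""
    return set(re.findall(r"[a-z0-9']+", text.lower()))

class ThreeWayFilter:
    """Naive Bayes scorer that files mail as ham, unsure or spam; nothing is deleted."""
    def __init__(self):
        self.tokens = {"spam": Counter(), "ham": Counter()}
        self.messages = {"spam": 0, "ham": 0}

    def train(self, text, label):
        self.messages[label] += 1
        self.tokens[label].update(tokenize(text))

    def score(self, text):
        """Estimate P(spam) from per-token message counts with add-one smoothing."""
        n_spam, n_ham = self.messages["spam"], self.messages["ham"]
        if not (n_spam and n_ham):
            return 0.5  # no evidence yet: leave the message for a human
        log_odds = math.log(n_spam / n_ham)
        for tok in tokenize(text):
            p_spam = (self.tokens["spam"][tok] + 1) / (n_spam + 2)
            p_ham = (self.tokens["ham"][tok] + 1) / (n_ham + 2)
            log_odds += math.log(p_spam / p_ham)
        log_odds = max(-50.0, min(50.0, log_odds))  # keep exp() in range
        return 1 / (1 + math.exp(-log_odds))

    def classify(self, text):
        s = self.score(text)
        return "spam" if s >= SPAM_CUTOFF else "ham" if s <= HAM_CUTOFF else "unsure"

# Constructed sample mail (not real messages).
STAGE_1 = [("spam", "refinance your mortgage now lowest rates click here"),
           ("ham", "thanks for the article on threading in c#")]
STAGE_2 = [("spam", "cheap pills click here now"),
           ("spam", "win free money click here now"),
           ("ham", "your mortgage documents are attached please sign and return"),
           ("ham", "setup support ticket your install log is attached")]
LENDER = "your mortgage refinance documents are ready to sign"  # legitimate
PILLS = "click here now for cheap pills"                        # spam

def demo():
    """Classify both test messages untrained, after STAGE_1, and after STAGE_2."""
    f = ThreeWayFilter()
    results = [(f.classify(LENDER), f.classify(PILLS))]
    for batch in (STAGE_1, STAGE_2):
        for label, text in batch:
            f.train(text, label)
        results.append((f.classify(LENDER), f.classify(PILLS)))
    return results
if __name__ == "__main__":
    print(demo())
```

After the first batch the legitimate lender message scores about 0.89 and lands in "unsure", which is the false-positive case J.Marsch describes; it moves to ham only once similar legitimate mail has been trained.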
 
