The infamous email shuffle words virus or something

[RayLopez99]

Ever had an email you send out come back at you as spam? For example,
in your email to a friend, which let's assume is in unencrypted POP
server form, is sent by Outlook and has the words "walk in the park".
Then, in the next hour or so, you get spam that mentions "walk in the
park" along with the usual Viagra spam ad. Your email back at you
with spam in it.

What causes this? I once had to clean an infected computer that
displayed this symptom and it was a virus that manipulated Outlook
outgoing messages. But my system is clean. So one of two
possibilities: some agent is listening to my outgoing email server,
and intercepting emails (since the emails are not encrypted), or, it's
just a coincidence that "walk in the park" was used, since it's a
somewhat common phrase.

Any other ideas?

RL

 

[FromTheRafters]

Ever had an email you send out come back at you as spam? For example,
in your email to a friend, which let's assume is in unencrypted POP
server form, is sent by Outlook and has the words "walk in the park".
Then, in the next hour or so, you get spam that mentions "walk in the
park" along with the usual Viagra spam ad. Your email back at you
with spam in it.

What causes this? I once had to clean an infected computer that
displayed this symptom and it was a virus that manipulated Outlook
outgoing messages. But my system is clean. So one of two
possibilities: some agent is listening to my outgoing email server,
and intercepting emails (since the emails are not encrypted), or, it's
just a coincidence that "walk in the park" was used, since it's a
somewhat common phrase.

Any other ideas?

RL

Maybe the person that you sent the e-mail to has an infestation.

 

[RayLopez99]

Maybe the person that you sent the e-mail to has an infestation.

Yes, I thought of that. It occurred to me just after I posted.

On another note: it is possible to send somebody's email to an "opt
in" spam site? That is, analogous to a junk mail service, where you
can send (an enemy's) postal mail address to this service to get the
service to send junk mail to the postal mail address, is there
something equivalent in the internet world? That way you can forward
an email to this site, and the person's email address will get
bombarded with spam.

RL

 

[Etal]

Ever had an email you send out come back at you as spam? For
example, in your email to a friend, which let's assume is in
unencrypted POP server form, is sent by Outlook and has the
words "walk in the park". Then, in the next hour or so, you
get spam that mentions "walk in the park" along with the usual
Viagra spam ad. Your email back at you with spam in it.
[snip]

... So one of two possibilities: some agent is listening to
my outgoing email server, and intercepting emails ...

Not just one, but many agents are listening.
Agents at both governmental organizations and private
corporations. Echelon, FBI, Google, /et cetera/ /ad nauseam/
somewhat depending on your location and the path your message takes.

 

[FromTheRafters]

Yes, I thought of that. It occurred to me just after I posted.

On another note: it is possible to send somebody's email to an "opt
in" spam site? That is, analogous to a junk mail service, where you
can send (an enemy's) postal mail address to this service to get the
service to send junk mail to the postal mail address, is there
something equivalent in the internet world? That way you can forward
an email to this site, and the person's email address will get
bombarded with spam.

RL

Probably not so much for legitimate junk mail, but there are ways to get
an e-mail address noticed by spammers or worms that are harvesting
e-mail addresses. Here on Usenet is one such place, many samples of the
"Swen" harvested the old fake e-mail address I used to use here.

None of that would explain the possible coincidence of the "walk in the
park" phrase, but you *did* say 'on another note'.

 

[RayLopez99]

RayLopez99 wrote:

Not just one, but many agents are listening.
Agents at both governmental organizations and private
corporations. Echelon, FBI, Google, /et cetera/ /ad nauseam/
somewhat depending on your location and the path your message takes.

I wonder how true this is. When you send a ping sometimes there's
only a few nodes inbetween your PC and your email destination, so I'm
not so sure about "et cetera". http://en.wikipedia.org/wiki/Echelon_(signals_intelligence)
- Echelon sounds like Urban Legend though I'm sure you know more than
me on this.

Still, I agree that potential for mischief in reading emails exists,
though in practice so much traffic flows and due to memory constraints
I doubt emails are kept more than a few days on most email relay
servers, and perhaps up to two weeks for anonymous servers due to
legal requirements.

RL

 

[Shadow]

Yes, I thought of that. It occurred to me just after I posted.

Probably someone listening, or with access to the mail
folders. BTW, why don't you use ssl on your emails. ? They will be
world readable otherwise.

On another note: it is possible to send somebody's email to an "opt
in" spam site? That is, analogous to a junk mail service, where you
can send (an enemy's) postal mail address to this service to get the
service to send junk mail to the postal mail address, is there
something equivalent in the internet world? That way you can forward
an email to this site, and the person's email address will get
bombarded with spam.

Yes, it's possible, easy even.
By the way, if that email address your headers is real, the
spambots have picked it up ions ago.
[]'s

 

[RayLopez99]

        Probably someone listening, or with access to the mail
folders. BTW, why don't you use ssl on your emails. ? They will be
world readable otherwise.

Shadow can you tell me why SSL would work? In the past I've never
used it, though it's available from my ISP. SSL would only protect
the "first connection" from your PC to the ISP's server, correct?
Then it would have to be decoded to plain ASCII, no? Otherwise, how
would a recipient (the final node in the link in the email chain), who
gets your email, be able to read it if it's SSL encrypted and that
person does not have an SSL enabled server? Or is the assumption that
everybody in the world now (including those living in remote parts of
the world) has an SSL capable email server? Thanks in advance or to
anybody else reading this.

        Yes, it's possible, easy even.
        By the way, if that email address your headers is real, the
spambots have picked it up ions ago.

I know. That's why my email account at Gmail is always full of spam,
but I only use this account for Google Groups.

RL

 

[Shadow]

Shadow can you tell me why SSL would work? In the past I've never
used it, though it's available from my ISP. SSL would only protect
the "first connection" from your PC to the ISP's server, correct?
Then it would have to be decoded to plain ASCII, no? Otherwise, how
would a recipient (the final node in the link in the email chain), who
gets your email, be able to read it if it's SSL encrypted and that
person does not have an SSL enabled server? Or is the assumption that
everybody in the world now (including those living in remote parts of
the world) has an SSL capable email server? Thanks in advance or to
anybody else reading this.

If you use gmail, and enable encryption, your mail would go
ssl encrypted all the way to google. And encrypted from google to the
recipient's mail server.
If the guy you wrote to accesses his mail without encryption,
sure, the mail will be delivered read-for-all. Could be easily sniffed
out.
But it's almost impossible to find a server without
encryption, and most modern mail clients enable it by default.
Check the port you use for mail. If it's 995/465 it's
encrypted. If it's 110/25 it's not.
If you use a browser for mail, it should have the little lock
at the bottom, and an https:// header in the address bar. Some sites,
like hotmail, do not enable it by default, but you can do it in
preferences.
Hope this helped.
(won't go into MITM attacks)

 

[Dustin]

Ever had an email you send out come back at you as spam? For example,
in your email to a friend, which let's assume is in unencrypted POP
server form, is sent by Outlook and has the words "walk in the park".
Then, in the next hour or so, you get spam that mentions "walk in the
park" along with the usual Viagra spam ad. Your email back at you
with spam in it.

What causes this? I once had to clean an infected computer that
displayed this symptom and it was a virus that manipulated Outlook
outgoing messages. But my system is clean. So one of two
possibilities: some agent is listening to my outgoing email server,
and intercepting emails (since the emails are not encrypted), or, it's
just a coincidence that "walk in the park" was used, since it's a
somewhat common phrase.

Any other ideas?

RL

I'm just waiting to see how you attempt to educate those foolish enough
to try and help you.

 

[FromTheRafters]

Shadow can you tell me why SSL would work? In the past I've never
used it, though it's available from my ISP. SSL would only protect
the "first connection" from your PC to the ISP's server, correct?

It would be encrypted while traveling from your computer to the computer
it negotiated the SSL with. It would keep doing this by re-negotiating
on every session until it arrived at the computer mailbox (unencrypted)
for the recipient.

Then it would have to be decoded to plain ASCII, no?

Yes, and at the socket layer before the client (the mailbox) gets it and
holds it for the mail client (OE for instance) to retrieve.

 

[RayLopez99]

        If you use gmail, and enable encryption,  your mail would go
ssl encrypted all the way to google. And encrypted from google to the
recipient's mail server.
         If the guy you wrote to accesses his mail without encryption,
sure, the mail will be delivered read-for-all. Could be easily sniffed
out.

So the assumption you are making--and I'm sure it's probably right--is
that nowadays all nodes (or email relays) between your ISP and the
target destination are accommodative of SSL, meaning they support
SSL. Even if the 'guy you wrote to' has set his Outlook (remember, we
are talking about POP3 not IMAP/browser based email clients) to port
110/25, the other 'chains in the link' will accommodate SSL and up to
the last "guy you wrote to" your email will be encrypted and not
readable by the world. That is I suppose a fair assumption, but just
to keep things as simple as possible I've always used unencrypted
email in the past. And, like the above indicates (if I am correct),
at some point in the chain, if your destination uses 110/25 (i.e. does
not encrypt his POP3 connection) then the email will be unencrypted at
this last link and available to the world to see, correct? Meaning
the "guy you wrote to"'s ISP will be able to read your email.

        But it's almost impossible to find a server without
encryption, and most modern mail clients enable it by default.

I see. This is the key assumption. Anybody else care to verify this,
please feel free to. I will research the issue online a bit more and
then probably switch to SSL

        Check the port you use for mail. If it's 995/465 it's
encrypted. If it's 110/25 it's not.

Yes, this is what my ISP also says, thank you.

        If you use a browser for mail, it should have the little lock
at the bottom, and an https:// header in the address bar. Some sites,
like hotmail, do not enable it by default, but you can do it in
preferences.

I don't use browser for mail except at Hotmail, which is my IMAP
account but Outlook is my main email POP3 client.

RL

 

[RayLopez99]

I'm just waiting to see how you attempt to educate those foolish enough
to try and help you.

I educate you, Foolish Dustbin. Taking you to skool, trollbait.

RL

 

[RayLopez99]

It would be encrypted while traveling from your computer to the computer
it negotiated the SSL with. It would keep doing this by re-negotiating
on every session until it arrived at the computer mailbox (unencrypted)
for the recipient.

OK, thanks, I got that. I am guessing that at every handshake the
computers negotiate SSL based on a certificate going back and forth,
and I'm guessing that this would slow down delivery of your email
some, even if said email might be compressed if encrypted.

Yes, and at the socket layer before the client (the mailbox) gets it and
holds it for the mail client (OE for instance) to retrieve.

OK. See also my reply to Shadow and feel free to add any further
comments. Thank you.

RL

 

[FromTheRafters]

OK, thanks, I got that. I am guessing that at every handshake the
computers negotiate SSL based on a certificate going back and forth,
and I'm guessing that this would slow down delivery of your email
some, even if said email might be compressed if encrypted.

Based in part on a (pseudo) random number (pre-secret) each party
generates that gets concatenated after each passes that number to each
other covered by the key in the certificate. The resulting session key
is unique to that session. The servers handle the e-mails in the normal
manner and if another SSL session is required another one is negotiated
and another unique key is generated and the mail is re-encrypted and sent.

OK. See also my reply to Shadow and feel free to add any further
comments. Thank you.

I would like to clarify a point. My misstatement above - the mailbox is
not really a client it is a server. A minor point, but it was bugging
me. My point was only that it is like encrypted voice communication,
eavesdropping can be done in the room where the voices are heard, but
*not* on the wire connecting them.

 

[Dustin]

I educate you, Foolish Dustbin. Taking you to skool, trollbait.

It'll be years before you have any knowledge that I would require. And
even then, that's being generous. See, I already know the stuff you ask
questions about. I've played both sides of the fence and you're still
playing tiddlywinks. Whether you like it or not, you are my bitch, not
the other way around.

 

[RayLopez99]

It'll be years before you have any knowledge that I would require. And
even then, that's being generous. See, I already know the stuff you ask
questions about. I've played both sides of the fence and you're still
playing tiddlywinks. Whether you like it or not, you are my bitch, not
the other way around.

Riiiggght shiite head. Not.

Please answer this question: how is email read hostilely, by a third
part? Please describe a typical scenario. The silence is deafening.

Go play with your fence now dunce.

RL

 

[Shadow]

So the assumption you are making--and I'm sure it's probably right--is
that nowadays all nodes (or email relays) between your ISP and the
target destination are accommodative of SSL, meaning they support
SSL. Even if the 'guy you wrote to' has set his Outlook (remember, we
are talking about POP3 not IMAP/browser based email clients) to port
110/25, the other 'chains in the link' will accommodate SSL and up to
the last "guy you wrote to" your email will be encrypted and not
readable by the world. That is I suppose a fair assumption, but just
to keep things as simple as possible I've always used unencrypted
email in the past. And, like the above indicates (if I am correct),
at some point in the chain, if your destination uses 110/25 (i.e. does
not encrypt his POP3 connection) then the email will be unencrypted at
this last link and available to the world to see, correct? Meaning
the "guy you wrote to"'s ISP will be able to read your email.

Anyone with permission to look at the mailbox at the ISP can
read the mail. SSL is used only during the transmission.

I see. This is the key assumption. Anybody else care to verify this,
please feel free to. I will research the issue online a bit more and
then probably switch to SSL

www.gawab.com does not use encryption. Probably the only big
one that does not.

Yes, this is what my ISP also says, thank you.

Well use it, there are no disadvantages

 

[RayLopez99]

On Wed, 18 May 2011 05:10:50 -0700 (PDT), RayLopez99


        Anyone with permission to look at the mailbox at the ISP can
read the mail. SSL is used only during the transmission.



       www.gawab.com does not use encryption. Probably the only big
one that does not.

We seems to have a minor disconnect, unless I'm mistaken. You are
referring to gawab.com as apparently an email client that works
through the browser (from what I can tell from their website). I am
referring to the ISP email server. I think every ISP email server in
the chain of email servers going from the sender to the recipient in
an SSL secured email has to support SSL or your email will not be
transmitted properly. So my question was: is 99.9999% of the world's
email servers "SSL capable"? If so, then you have no or almost no
worries using SSL in your Outlook email program. If not, there's a
chance somebody in some remote part of the world (say Zimbabwe) will
not be able to read an email of your sent by SSL.

Also consider this: somebody on the net said that SSL encrypted email
is secure in transit, but, it is not secure (and unencrypted) while
sitting on an email server. This person claims that many of the email
breaches (i.e., people reading your email) occur while this
unencrypted email is sitting on some email server, not when it is in
transit. So SSL encrypted email is of limited use in this case.
Agree or disagree?

RL

 

[Shadow]

We seems to have a minor disconnect, unless I'm mistaken. You are
referring to gawab.com as apparently an email client that works
through the browser (from what I can tell from their website).

Gawab allows pop connections, ports 110 and smtp port 25 only.

I am
referring to the ISP email server. I think every ISP email server in
the chain of email servers going from the sender to the recipient in
an SSL secured email has to support SSL or your email will not be
transmitted properly. So my question was: is 99.9999% of the world's
email servers "SSL capable"? If so, then you have no or almost no
worries using SSL in your Outlook email program. If not, there's a
chance somebody in some remote part of the world (say Zimbabwe) will
not be able to read an email of your sent by SSL.

I would say that 99.9999% of ISPs have ssl. A handfull do not
use ssl on their mail servers.( So they receive mail from google with
ssl, but users have to use unencrypted connections to access it -
risking password stealing and privacy issues)

Also consider this: somebody on the net said that SSL encrypted email
is secure in transit, but, it is not secure (and unencrypted) while
sitting on an email server. This person claims that many of the email
breaches (i.e., people reading your email) occur while this
unencrypted email is sitting on some email server, not when it is in
transit. So SSL encrypted email is of limited use in this case.
Agree or disagree?

No. ISP employees would quickly get the sack if found selling
OP's mail details. The easiest way to get someone's email if the
person uses ports 110 or 25, is to plug a sniffer into the cable or
sniff the wireless,They could sniff out your password that way too.
If you use ssl, the only practical way would be with a MITM
attack, and only if you accept the rogue certificate.
http://en.wikipedia.org/wiki/Man-in-the-middle_attack
I wouldn't worry too much about those. If a box pops up in
your email client asking if you accept a new certificate, just say no,
then call the ISP.
[]'s