Following up to Bob Hobden

Any control must be better than now, we get about 100 spam's per day.

Do not disclose your email on usenet[1].
Encrypt your email on webpages.[2]
Then start with a new email with a reputable ISP and you should
only get a few.
1] If you want the code I can post it.

2] Use a dustbin email address here, this stops mail bouncing
back to maliciously forged innocent addresses and haves the junk
flying about.
Some news services like Uni. Berlin insist on a valid address for
this reason.
--
Mike Reid
"Art is the lie that reveals the truth" P.Picasso
Walking-food-photos, Wasdale, Thames, London etc "http://www.fellwalk.co.uk" -- you can email us@ this site
and same for Spain at "http://www.fell-walker.co.uk" -- dontuse@ all, it's a spamtrap

On Mon, 1 Dec 2003 08:56:44 -0000, "Martin Sykes"
wrote:

I recently got some spam where the forged return address was myself so it
kept getting bounced round until I spotted it.

I found it quite amusing at the time...

LOL I have had the same, but I don't bounce mail.
--
Martin

On Mon, 01 Dec 2003 12:14:05 +0000, Reid
wrote:


Some news services like Uni. Berlin insist on a valid address for
this reason.

They will also accept which has a valid format, but is
certainly not my e-mail address.
--
Martin

In message , martin
writes
On Sun, 30 Nov 2003 16:43:35 +0000, Jane Ransom
wrote:

In article , martin
writes

(4) some innocent victim of her bounces will formally complain to her
ISP about her spamming, eventually.

How will they distinguish between a bounce and an invalid address used
initially by the spammer?

They will see the spam coming from you, not the original sender.

Depends on how the bouncing is done. Anything I bounce goes back to the
address in the return path complete with all the spammers forged
headers. It is then up to the unfortunate on the receiving end to decode
them and complain about the forgery to the spammers ISP or more likely
the dumb sysop with the open mail relay (or his ISP).

If they also use bouncing, you will get it straight back.

Bounces of bounces are prevented by having a null return path to avoid
endless loops.

I contacted demon recently because of what people were saying on this
thread - their advice was . . . . continue bouncing.

but then again Demon thinks that spam can't be identified and tagged.

All that bouncing does is waste bandwidth and server resources.
Somebody in Demon deserves the sack.

Bouncing tells the sender (or whoever appears in the return-path) that
their mail could not be delivered. Blocked by local policy or no such
user.

Opinion in Demon and amongst Demon users is divided on the usefulness of
bouncing. It isn't ideal, but then neither is simulating a black hole.

Bouncing Swen for instance seems much preferable to accepting it and at
least alerts the owner of the infected PC to their problem.

Regards,
--
Martin Brown

Following up to martin

Some news services like Uni. Berlin insist on a valid address for
this reason.

They will also accept which has a valid format, but is
certainly not my e-mail address.

the reason I didn't use that is killfiles often work on email
address, you could get dumped along with some troll.
--
Mike Reid
"Art is the lie that reveals the truth" P.Picasso
Walking-food-photos, Wasdale, Thames, London etc "http://www.fellwalk.co.uk" -- you can email us@ this site
and same for Spain at "http://www.fell-walker.co.uk" -- dontuse@ all, it's a spamtrap

On Mon, 1 Dec 2003 12:44:26 +0000, Martin Brown
wrote:


Bouncing Swen for instance seems much preferable to accepting it and at
least alerts the owner of the infected PC to their problem.

It's hardly likely. Swen does not use the address of the infected PC.
The correct action is to ignore and delete it, preferably at server
level.
--
Martin

In article , Martin Brown
writes

Bounces of bounces are prevented by having a null return path to avoid
endless loops.

I'm glad you sent that post!!
We seem to have been put on a porn list at an address which is a mixture
of my work id and our demon id. After this thread I was worried about
ping pong bounces - but you have set my mind at rest
I wish demon had told me the same!!!!
--
Jane Ransom in Lancaster.
I won't respond to private emails that are on topic for urg
but if you need to email me for any other reason, put ransoms
at jandg dot demon dot co dot uk where you see

On Mon, 1 Dec 2003 14:46:44 +0000, Jane Ransom
wrote:

In article , Martin Brown
writes

Bounces of bounces are prevented by having a null return path to avoid
endless loops.

I'm glad you sent that post!!
We seem to have been put on a porn list at an address which is a mixture
of my work id and our demon id. After this thread I was worried about
ping pong bounces - but you have set my mind at rest

All you have to do now is to worry about bouncing to the innocent
victims of header forgery.

I wish demon had told me the same!!!!

All we need now is an explanation from the person who suffered from
his/her own bounces.

I haven't had a worm or a virus since 1999, I did receive several
mails from system managers, as far away as Chile, informing me that I
was posting Swen viruses.
--
Martin

In article , martin
writes

All you have to do now is to worry about bouncing to the innocent
victims of header forgery.

Been there, experienced that, read the book, seen the film . . . .
Life is tough in the jungle ((((((((
--
Jane Ransom in Lancaster.
I won't respond to private emails that are on topic for urg
but if you need to email me for any other reason, put ransoms
at jandg dot demon dot co dot uk where you see

On Mon, 1 Dec 2003 16:00:41 +0000, Jane Ransom
wrote:

In article , martin
writes

All you have to do now is to worry about bouncing to the innocent
victims of header forgery.

Been there, experienced that, read the book, seen the film . . . .
Life is tough in the jungle ((((((((

:-)
--
Martin

On Mon, 1 Dec 2003 12:44:26 +0000, Martin Brown wrote:

...Anything I bounce goes back to the
address in the return path complete with all the spammers forged
headers. It is then up to the unfortunate on the receiving end to decode
them and complain about the forgery to the spammers ISP or more likely
the dumb sysop with the open mail relay (or his ISP).

That kind of "bounce" is worse than useless and merely aggravates
the problems caused by spam. Stop it right now.

[If I'm repeating myself in what follows, apologies.]

There are two distinct types of e-mail bounces:

1. The kind you describe, where the entire message is received by
a POP server, then forwarded, either by the server or by an
e-mail program under user control, to the address in the
"Return-path:" header. This is what's described above.

2. The other kind is where the destination SMTP/POP server
refuses to accept a message and returns an error code to the
originating SMTP server. This is what you get if you send e-mail
to a non-existent address.

It sounds like lots of people don't understand how e-mails are
sent. They are in three parts, which are transmitted in this
order:

1. The "envelope", which says who the message is for. This is
normally invisible to the end recipient because it is stripped
off by most POP servers. The envelope may also contain the size
of the message within and a small amount of other data.

2. The "headers", starting with "Received:" headers, most recent
first. Every server that a given e-mail passes through adds a
"Received:" header at the front. The headers usually include a
"From:", "To:", and "Subject:" headers, among others. Return-path
is among these.

3. Finally, separated by a blank line from the headers, the body
of the message.

Items 2 and 3 constitute the "message".

The key thing to understand is that the headers (item 2) may have
nothing to do with anything; they can all be complete forgeries
with the solitary exception of the most recent (first in line)
Received: header. If I send someone an e-mail and BCC (blind
carbon copy) it to someone else, the primary recipient cannot
tell that a copy went to the BCC recipient. Also, the headers in
the BCC copy will show the primary recipient in the To: header.
The only place the BCC recipient's e-mail address is shown is in
the envelope.

Spammers usually (I was going to write invariably) forge the
headers. It takes considerable skill and experience to reliably
sort out the truth from all the lies. In particular, From: and
Return-path: are very likely forged; the spammer really does not
care what happens to a message once it is fired off into the
ether.

While we wait for effective anti-spam legislation to be brought
in, the only bounces that do any good are those based on the
envelopes. But I have yet to hear of anti-spam software that
operates on the fly as a message trickles in. It is conceptually
possible to write software that would look at the identity of the
transmitting server (itself forge-able) and the target address
and block further transmission by emitting an error message.

Moreover, when a spam uses an intermediate server, such a bounce
will never get back to the spammer. He doesn't care! However, it
will reduce the bandwidth spam consumes by allowing the
transmitting server not bother with the headers and body. Whether
the transmitting server then tries to pass the error message
backwards to wherever it received the spam from depends on the
server software there.

The upshot of this is that anti-spam software that operates after
the entire message is received should not bother "bouncing"
anything. It's a total waste of time in almost all cases. The
best you can expect is to either delete identified spam or mark
is as spam so at least the end recipient doesn't have to download
it from the pop server. Since the final connection in the chain
is often a slow dial-up connection, this can save a lot of
connect time, but the spam has already chewed up *internet*
bandwidth and done its best to clog the recipient mailbox.

But whatever you do, don't "bounce" spam on the basis of the
headers. You're merely causing someone else, probably an
innocent, trouble. If you want, you can analyze the Received
headers and notify sysadmins that either they are harboring a
spammer or that they are running an open mail server used as a
relay.

If you are really a masochist, you can open the spam, access the
web pages, and see if you can figure out where your money would
go.

But remember where the profits are in spamming: not in the
businesses that advertise using spam, but in the business of
sending spam on behalf of idiots.

Sorry for the very long and very off-topic message, but there are
evidently considerable misunderstandings about e-mail operation
and people are responding to spam in counter-productive ways.




--
Rodger Whitlock
Victoria, British Columbia, Canada
[change "atlantic" to "pacific" and
"invalid" to "net" to reply by email]

In message , Rodger Whitlock
writes
On Mon, 1 Dec 2003 12:44:26 +0000, Martin Brown wrote:

...Anything I bounce goes back to the
address in the return path complete with all the spammers forged
headers. It is then up to the unfortunate on the receiving end to decode
them and complain about the forgery to the spammers ISP or more likely
the dumb sysop with the open mail relay (or his ISP).

That kind of "bounce" is worse than useless and merely aggravates
the problems caused by spam. Stop it right now.

Not likely.

[If I'm repeating myself in what follows, apologies.]

There are two distinct types of e-mail bounces:

1. The kind you describe, where the entire message is received by
a POP server, then forwarded, either by the server or by an
e-mail program under user control, to the address in the
"Return-path:" header. This is what's described above.

No it isn't. Demon provides full SMTP services to end user domains. And
their software provides for genuine envelope rejection.


2. The other kind is where the destination SMTP/POP server
refuses to accept a message and returns an error code to the
originating SMTP server. This is what you get if you send e-mail
to a non-existent address.

Exactly. And that is what I and many other Demon users do.

It sounds like lots of people don't understand how e-mails are
sent.

Don't be too quick to jump to conclusions.

1. The "envelope", which says who the message is for. This is
normally invisible to the end recipient because it is stripped
off by most POP servers. The envelope may also contain the size
of the message within and a small amount of other data.

You are assuming that I use a POP server. I don't.

The key thing to understand is that the headers (item 2) may have
nothing to do with anything; they can all be complete forgeries

Agreed. Although usually there is a small amount of real path hidden
somewhere in amongst the dross. It is really only worth beating up on
major corporate data centres that have open mail relays.

While we wait for effective anti-spam legislation to be brought
in, the only bounces that do any good are those based on the
envelopes. But I have yet to hear of anti-spam software that
operates on the fly as a message trickles in.

Turnpike and for that matter the DOS based KA9Q that I used before that
both provide envelope based rejection and SMTP.

Your faith in the ability of legislators to deal with spam is touching
but sadly misplaced. They might drive it offshore but that is all.

The upshot of this is that anti-spam software that operates after
the entire message is received should not bother "bouncing"
anything. It's a total waste of time in almost all cases.

I agree entirely. Once it has been downloaded you may as well file it in
a junk folder and then trash it. But on a dialup line bouncing bulk UCE
dross by applying rules to the envelope is extremely efficient. YMMV

Regards,
--
Martin Brown

In message , martin
writes
On Mon, 1 Dec 2003 14:46:44 +0000, Jane Ransom
wrote:

In article , Martin Brown
writes

Bounces of bounces are prevented by having a null return path to avoid
endless loops.

I'm glad you sent that post!!
We seem to have been put on a porn list at an address which is a mixture
of my work id and our demon id. After this thread I was worried about
ping pong bounces - but you have set my mind at rest

Strictly what I have described is what should happen. Some systems are
not as well behaved as they could be but bounce loops are very rare.

All you have to do now is to worry about bouncing to the innocent
victims of header forgery.

The innocent victims of header forgery can look after themselves.
*Their* address was forged by a third party. If they want to go after
that individual they need all the headers from the original message to
do it.

I haven't had a worm or a virus since 1999, I did receive several
mails from system managers, as far away as Chile, informing me that I
was posting Swen viruses.

I wouldn't like to bet on that. Swen subverts PCs and ISP smarthosts to
broadcast itself and makes little effort to disguise where it has come
from. In most cases the return path points back very close to the
location of the infected machine. This may be different now but it was
true initially.

Most of the early victims that got laid waste by Swen had up to date AV
and so felt they were invulnerable. Big mistake...

Regards,
--
Martin Brown

On Tue, 2 Dec 2003 13:11:22 +0000, Martin Brown
wrote:


The innocent victims of header forgery can look after themselves.
*Their* address was forged by a third party. If they want to go after
that individual they need all the headers from the original message to
do it.

What an appallingly selfish attitude.
--
Martin

On Tue, 2 Dec 2003 10:25:11 +0000, Martin Brown
wrote:

~In message , Rodger Whitlock
writes
~On Mon, 1 Dec 2003 12:44:26 +0000, Martin Brown wrote:
~

Snipped the mail contents deliberately as it's the threading I'm
commenting on. Just to stick my nose back in the thread, I'm not
actually receiving a lot of the replies. For instance, I didn't get
Rodger's post (though pieced it together from the reply!) and I didn't
get one of Jane Ransom's from 2 or 3 days ago. Does anyone here know
if bt censor or miss posts?
I rely on pop access to demon for mail and btclick/btopenworld for
posting and news, as they run the broadband I use. If I know bt are
clipping then I guess I'll have to do a weekly dialup or something :-(


--
jane

Don't part with your illusions. When they are gone,
you may still exist but you have ceased to live.
Mark Twain

Please remove onmaps from replies, thanks!