[NTLUG:Discuss] Mail Question

Burton M. Strauss III Burton_Strauss at comcast.net
Tue Apr 27 13:05:22 CDT 2004 

"Spam" addresses are generated from various sources

One is from other peoples address books - i.e. those you have correspondence
with

Another is from public sources - Usenet, web pages, etc. -- typically called
harvesting.

A third is the so-called Dictionary version, where they try addresses
composed of word(s) from a dictionary, what to name the baby books, etc.
With or without numeric suffixes.

A fourth is just random characters.



Typical bad guy spam combines two addresses, created however, one as the
'from' (faked, of course) and the second as the 'to'.



So you could be getting this because of any of them - your address isn't odd
enough .

If that's a legit bounce (and it could be), then your mail address was in
the 'From' space, the 'To' didn't exist, so the helpful mailer is sending
you the notification message, thinking the message came from you.


Basic rule today is to just delete ALL mail bounce, delivery failure
messages, etc.  Instead of depending upon them, if it's really critical that
you message gets through, you should contact the recipient to confirm - "Hey
Thomas, it's Chuck .. just making sure you received the proposal I emailed
you yesterday"...

-----Burton


> -----Original Message-----
> From: discuss-bounces at ntlug.org [mailto:discuss-bounces at ntlug.org]On
> Behalf Of Chuck
> Sent: Tuesday, April 27, 2004 12:58 PM
> To: discuss at ntlug.org
> Subject: [NTLUG:Discuss] Mail Question
>
>
> I have a desktop running Mandrake 9.0, which I use for general stuff,
> including reading email.  It is always kept up to date, and it is
> connected
> through a SMC router to a DSL line.  It is on 24/7, and serves my website
> with Apache. My ISP, SBC, uses pop for receiving, stmp for
> sending.  Kmail is
> my current mail reader.
>
> Lately I have been receiving notices like the following.
>
> "From: postmaster at srcp.com
> To: cfgraf at swbell.net
> Date:  Today 04:16:49 am
> This is an automatically generated Delivery Status Notification.
> Delivery to the following recipients failed.
> dwards at srcp.com
>
> Encapsulated message
> Postcard
> From: cfgraf at swbell.net
> To: dwards at srcp.com
> Date: Today 04:17:05 am
> Hello!
> Here is the document.
> Yours sincerely
> postcard0.pif
> End of encapsulated message"
>
> I do not know this person, and have never sent anything like
> this.  One of
> these shows up about daily now in my in-box.  The messages always
> contain a
> virus.  No sent mail like this shows in my Sent Mail folder.
>
> Am I correct in assuming that my email address is in someone's
> Outlook address
> book, and a virus is sending out copies of itself using my address as the
> "From" line? Or has my box been hacked, and someone is sending out viri
> through it?
>
> Thank you for any ideas.
>
> Chuck
>
>
>
> _______________________________________________
> https://ntlug.org/mailman/listinfo/discuss

More information about the Discuss mailing list