How Can I Stop Them?
To send an email to our support
department simply click on this link and ask your question. We may
choose to include your question and the answer in our FAQ so that others may also
benefit from the reply.
Peter,

As always it is good to hear from you and I personally love a challenge.

> My problem is that I get completely unsolicited e-mails apparently targeted
> using software that either finds e-mail addys in a given domain (e.g.,
> earthlink.net or sprintmail.com), or else randomly generates addys and
> just happens to get a hit on my addy by chance. (In this case, there are
> usually a lot of other addys shown on the recipient list, each one similar
> but not identical to my addy.)

We have looked at these types of programs as well as testing them extensively. Email
probe programs are also known as: email finders, diggers, locators as well as
many other names that mean the same thing. Most of them allow the spammer to
type in one email address and have it search the domain using a brute force
method to locate other users at the same domain.

The search is done without sending mail to their victims. The probe will simply ask
the mail server if it is a valid email address, without ever sending anything.
These probes are fast and will try EVERY possible combination of characters
until a deliverable address is found.

In
finding your problem, there are three issues that you need to look at:

Issue Number One

The email address could be probed for by a generator as you
suspect. To fix this, you can have your ISP change / create a new email that
would be harder if not impossible to probe for such as: a9df2x4. Remember the
more letters or numbers added to the address will make it closer to impossible
for someone to probe for it. Also, if your ISP will allow extended characters,
add one of them and you just added millions of other possibilities for the
probe to use brute force to try and find.

If someone probes for your email they need to give the following criteria:

Number of characters: Most of the time they will select for it to start probing
at 3 and end probing with 8. So it starts with aaa@yourisp.com and ends with zzzzzzzz@yourisp.com

Type of characters: The probe by default will not use numbers mixed in with letters.
It would be good to mix numbers and letters. This would give the probe billions
more possibilities and take much longer.

Next, add an extended character such as "-" to the new email address, which
if they added to the email probe would make billions of total possibilities.
Spammers simply do not take this kind of time.

The
same issue comes to mind when thinking of a hacker using brute force to crack
an encrypted password file.

Brute Force Cracking is where the hacker runs a program that will try every possible combination
of characters on the keyboard. True, this can't miss, but it can take years of
computing power to finally guess the right password.

If you made your password dkg, for example, it could be guessed in minutes, but by simply
adding additional letters, it will add millions of more possibilities. dkgw would take
longer, and dkgwr, would add much more time. Now when you add another type of character
set, like numbers, dkgwr8 is adding billions of more possibilities. And adding another
character set like extended characters, dkgwr8} is even making it more impossible
to use brute force. Now we add another character set like upper case, dkgwr8}H
and we have a real secure password.

The hacker might work with all numbers first, then go on to all lower case, then all lower
mixed with numbers, then maybe all upper, then all upper mixed with numbers, and as
a last attempt if he had to get in he could try lower, upper, numbers, and extended letters
mixed together. But this would take FOREVER!

So in Brute Force Password cracking it is feasible to guess a small few character password,
or a password that is all numbers, or one that is all the same case.

Examples of Brute Force BAD Passwords:
ahc, vyrd, 28456032, sieprivk, FLIWDSRT

Examples of SECURE Passwords:
Fv3SdD6/, =Rt6r4S@, qAz;P5sA, cC2[5dFd, s5\7FfBb

A "Secure" email address would look something like the example below assuming
that your ISP will allow you to make an email address longer than 8 characters
and also use extended characters.

scx4f-gh56fd-98@yourisp.com

When you look at what appears to be a mess of an email address shown above, remember
you do not need to give it out to anyone, it only helps to prevent email probes
from finding it.

The hashed email address above would only be used as the forward to address on the Spam-Stopper
system. As always, the address would not be given to anyone, it is simply used
as a transport end so that you have the ability to turn off senders without getting trash
to your real address.

Issue Number Two

If the spammer is finding your real email address without being
probed for, you need to ask yourself how the spammers are finding it. If you
are not using your real email address anywhere, you need to take a good look
at your ISP web page or other services that they may be providing. Some spammers
use web digging tools that are specially made to harvest email addresses from
different online areas.

If your ISP has a web page that gives a list of client web pages, spammers know that most
of the time the real user name is used in the url. An example of this could be
http://yourISP.com/~pfranks

The spammer would simply send an email to pfranks@yourISP.com

You would want to have a good look at all online features that may be giving away
your address.

Sometimes
even a spam complaint can get you more spam. When a complaint is posted to a newsgroup
and your real email address is shown in the complaint, it can be harvested by newbie
spammers.

Have a look through http://dejanews.com
and search for something like "stop this spammer". You will find
all kinds of people posting messages asking how to deal with the problem. These
people are now prime targets for more spam, because their real email address is
displayed in the header of a message in the spammers' "harvest playground".

This is why so many people in the newsgroups put text after their real email address when
posting messages. Example: "myaddress@myisp.comNOSPAM". When the address
is harvested it will bounce because there is extra text in the email line. Clueless spammers
will filter their harvest list through a program that removes the text. All this
will do is generate them more complaints and anger this receiver that plainly
does not want the email.

Issue Number Three

a) You know that your real email address is not being probed for.
b) You are sure that there are not any online features on your ISP's page that
could be giving it away.
c) You do not give your real address out to anyone.

You need to address the fact that your ISP or someone that works there, may be selling or
sharing your address.

> Am I correct in assuming that your product can do nothing to prevent such
> truly unsolicited e-mail? If you have something that would automatically
> stop these e-mails, I'd love to hear about it.

No, Spam-Stopper is what you are looking for. If you follow the steps above and never
give out your real email address, I do not see how you can get spam into your
new ISP email box. All email that comes to the box would need to come from the
anything@spam-stopper.net addresses which can be turned off at any time.

> Currently I use two different methods to limit such spam: I use Earthlink's
> spaminator service on my e-mail accounts; and I have also installed a
> freeware program called 'Bounce Spam Mail' which I use to catch anything
> the Spaminator misses.

Filtering
will get some of the spam before it hits your mailbox, but you will also lose some
good email as well. The Bounce program will also help in some cases, but most
real spammers simply send all bounces and replies to /dev/null.

A normal size list for a real spammer is about 10 million email addresses freshly harvested.
It is because the list has been newly harvested, that often times the bounce ratio
on this list will be about 30% or higher. They will have the 3 million or more
bounces and replies sent to a dead zone or black hole called /dev/null.

There are a few reasons for this: Have you ever tried to open your email box that contained
3 million messages? Also if the smtp server is on the same machine or network,
the smtp server will be using up more resources trying to handle both the sending
and receiving at the same time. Often this is a headache and the solution is to
trash the replies.

The
bounce program could work fine for OPT lists. An average OP-LIST send would be
around 10,000 messages. Also we keep in mind that this type of spammer is not
harvesting his own addresses, he is paying for them. If he maintains his list
well, your bouncer will fool him into removing it.

You can use the Spam-Stopper bounce filter option to do the same thing, but you will never
see another email from that Send To: address anyway. Maybe a better bounce message
to send back to him would be something like "Buy another
list loser".

> But Bounce Spam Mail requires me to enter my addy and my mail server
> addy, the sender's addy, and then copy and paste the message body before
> sending the message to the sender's addy. This seems to work fairly well
> to fool the sender into thinking that my addy is no longer in service,
> since I don't ever tend to get any more e-mail from the sender, and the
> total amount of spam coming in appears to be decreasing over time. But
> it takes a bit of work, and I'm looking for something a bit more automated.

It sounds like your address found its way into a broker list or maybe a few OPT-lists.
Either way, I think that the new email address and Spam-Stopper will solve your problem.

If you like the bounce mail program, you may find the bounce mail feature in Spam-Stopper
a bit more user friendly, but no real need to use it any more unless you are
doing it for fun.

I hope this helps you to have a better understanding of what may be happening as
well as give you a better understanding of how Spam-Stopper works.

Michael
Spam-Stopper Technical Support
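
Added example, not part of the original reply or of Spam-Stopper: a way to check how exposed a chosen address or password is to the sweep described above (lengths 3 to 8, letters only by default), by computing at which candidate number the sweep would reach it. The shortest-first, alphabet-order sweep and the rate of 100 checks per second are assumptions made for illustration; the sample values are the ones used in the reply.

```python
import string

LOWER = string.ascii_lowercase
DIGITS = string.digits

def keyspace(alphabet_size, min_len=3, max_len=8):
    """Number of candidates in a sweep over every length in [min_len, max_len]."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))

def rank_in_sweep(local_part, alphabet, min_len=3, max_len=8):
    """1-based position of local_part in a shortest-first, in-order sweep.

    Returns None when the sweep can never produce it: the length is outside
    the sweep's range, or it uses a character the sweep's alphabet lacks.
    """
    n = len(local_part)
    if not min_len <= n <= max_len or any(c not in alphabet for c in local_part):
        return None
    base = len(alphabet)
    # Every shorter candidate is tried first (0 when n == min_len).
    before = keyspace(base, min_len, n - 1)
    # Position among same-length candidates: read the string as a base-N number.
    offset = 0
    for c in local_part:
        offset = offset * base + alphabet.index(c)
    return before + offset + 1

def days_to_reach(rank, checks_per_second):
    """Sweep time until candidate number `rank` at an assumed constant rate."""
    return rank / checks_per_second / 86400

if __name__ == "__main__":
    RATE = 100  # assumed checks per second; not a figure from the page
    sweeps = {"letters": LOWER,
              "letters+digits": LOWER + DIGITS,
              "letters+digits+'-'": LOWER + DIGITS + "-"}
    # Sample values taken from the reply's own examples.
    for value in ("dkg", "a9df2x4", "scx4f-gh56fd-98"):
        for name, alphabet in sweeps.items():
            rank = rank_in_sweep(value, alphabet)
            if rank is None:
                print(f"{value:16} {name:20} never reached")
            else:
                print(f"{value:16} {name:20} candidate #{rank:,} "
                      f"(~{days_to_reach(rank, RATE):,.1f} days)")
```

The model covers only blind character sweeps; an address that appears on a harvested or purchased list is found regardless of how it ranks here.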