Danger - postcards.org Spoofed Email

The machines we love to hate

Moderator: Wiz Feinberg

b0b
Posts: 29079
Joined: 4 Aug 1998 11:00 pm
Location: Cloverdale, CA, USA


Post by b0b »

This email sure looked legit:

quote:
------------------
postcards.org

You have just received a virtual postcard from a family member!

You can pick up your postcard at the following web address:
http://www.postcards.org/?a91-valets-cloud-31337

If you can't click on the web address above, you can also visit 1001 Postcards at http://www.postcards.org/postcards/
and enter your pickup code, which is: a91-valets-cloud-mad

(Your postcard will be available for 60 days.)

Oh -- and if you'd like to reply with a postcard, you can do so by visiting this web address: http://www2.postcards.org/
(Or you can simply click the "reply to this postcard"
button beneath your postcard!)

We hope you enjoy your postcard, and if you do,
please take a moment to send a few yourself!

.

Regards,
1001 Postcards http://www.postcards.org/postcards/
------------------

I know that postcards.org is a legit site, but rolling the mouse pointer over the link revealed that it actually linked to a Windows program postcards.gif.exe on a website at postcards16.home.ro!

This is a favorite technique of phish emails. What appears to be a legit link actually takes you somewhere else.

I didn't take the bait. I went to the real postcards.org and entered the pickup code. It was a bogus code. I have no idea what postcard.gif.exe would have done to my computer, but I'm sure it would have been bad news.

------------------
Bobby Lee
-b0b- quasar@b0b.com
System Administrator
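The hover check b0b describes can be automated over an HTML message body. The following is an added example, not part of the original thread: it flags links whose visible text names one site while the href goes to another, and file names with a double extension ending in an executable type. The function names, the extension list and the sample HTML are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXECUTABLE_EXT = {"exe", "scr", "pif", "com", "bat", "cmd"}  # run on Windows when opened (non-exhaustive)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def site(host):
    """Naive 'site' = last two labels; real code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def audit_links(html):
    """Return [(href, [reasons])] for links whose target contradicts what is shown."""
    collector, findings = LinkCollector(), []
    collector.feed(html)
    for href, text in collector.links:
        target, reasons = urlsplit(href), []
        shown = re.search(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", text.lower())
        if shown and target.hostname and site(shown.group(1)) != site(target.hostname):
            reasons.append(f"text shows {shown.group(1)}, link goes to {target.hostname}")
        parts = target.path.rsplit("/", 1)[-1].lower().split(".")
        if len(parts) >= 3 and parts[-1] in EXECUTABLE_EXT:
            reasons.append("double extension ending in ." + parts[-1])
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample: the visible text is from the quoted email; the href is
# assembled from the host and file name b0b reported seeing on hover.
SAMPLE = ('<p>Pick up your postcard: <a href="http://postcards16.home.ro/postcards.gif.exe">'
          'http://www.postcards.org/?a91-valets-cloud-31337</a></p>'
          '<p>Reply: <a href="http://www2.postcards.org/">http://www2.postcards.org/</a></p>')

if __name__ == "__main__":
    print(audit_links(SAMPLE))
```

Only the first link in the sample is reported; the reply link passes because its text and target are on the same site.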
Dave Potter
Posts: 1565
Joined: 15 Apr 2003 12:01 am
Location: Texas

Post by Dave Potter »

Edited to add: B0b - I get your point and do appreciate the heads up on the old re-direction scam, with the potential adverse consequences it might hide.

---------------------------------------------------------
My previous diatribe was:

But all that spoof stuff is old news. I get 35 spam emails, give or take, every day, and the majority of them are from fake origins. These spammers have devised ways of disguising the origin of their garbage so that there's no way to filter them.

They are capable of disguising their IP and domains (which can be blocked) and everything else, and they make their crap look like it comes from legitimate IPs, ones you don't want to block, because you'd prevent reception of legit email from those IPs.

The latest ploy I'm seeing is spoofed IP spam with the content buried in .gif images, so I can't write filters to deal with them without filtering any email that contains a .gif, which they know I don't want to do.

[This message was edited by Dave Potter on 22 January 2006 at 06:51 AM.]
Wiz Feinberg
Posts: 6113
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Dave;
I might be able to help you filter some of those Gif spams. Do you use Mailwasher Pro, and/or Outlook Express?


------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage
Dave Potter
Posts: 1565
Joined: 15 Apr 2003 12:01 am
Location: Texas

Post by Dave Potter »

"Do you use Mailwasher Pro, and/or Outlook Express?"

Wiz - I use Netscape 7.2, with Choicemail as a front-end spam filter.

Choicemail is quite capable and flexible, and can be configured to do a lot of things. Any email I receive in which the sender is not already on my Choicemail "list of approved senders" generates a challenge back to the sender to "register" to send me email. Spammers don't respond, of course, so the email never reaches Netscape for me to see. The spam is automatically deleted in whatever number of days I tell Choicemail to do it if the sender has not "registered" and I've approved the "registration".

It's a process that works fine - Spam doesn't get to my Netscape, and I don't see it at all unless I open Choicemail and look. But I'd like to be able to just filter the stuff I know in advance to be spam, and have it go straight to Choicemail's "junkbox" to be silently deleted, and not bother with the "challenge" process. I now use many Choicemail filters to do that with other kinds of bogus emails, ones with bad language in the subject or body, my username in the subject line, known IP ranges used for spamming, that kind of thing.

The problem is that if the IP and sender's email address are either spoofed or missing, filtering them won't work. And if the content consists only of an image, filtering that would interfere with receiving legitimate emails with that kind of image.
Jack Stoner
Posts: 22147
Joined: 3 Dec 1999 1:01 am
Location: Kansas City, MO

Post by Jack Stoner »

Those "register to send me e-mail" programs may work, but I've had inquiries from a couple of people on the forum that have Earthlink, and when I answered them I got a message back that I needed to register. I didn't see the need to register if I was answering a question for them that they asked, so they never got their answer via a personal e-mail.
Dave Potter
Posts: 1565
Joined: 15 Apr 2003 12:01 am
Location: Texas

Post by Dave Potter »

"I didn't see the need to register if I was answering a question for them that they asked so they never got their answer via a personal e-mail."

Fair enough, Jack. There will always be situations like that that can arise.

The solution, if I don't want to miss a message I know is coming, is to add the sender's email to my whitelist beforehand. I generally do that anyway to avoid placing the registration burden on someone I expect legitimate mail from.

For online orders and similar things where I want to receive the order confirmation but don't know what the sender's email address is going to be in advance, there are other ways to deal with it, like adding the sender's domain name to the "Accepted Domains" list in Choicemail.

There's no perfect solution to the scourge of humanity we know of as "spam", but it's a fact of life. Challenge-based email is one way to put it back on the spammers while at the same time giving any legitimate unknown sender the opportunity to reach me if they really want to. If they don't want to, that's their prerogative. Note that I keep an extensive "whitelist" of senders, and my filter is totally transparent to them.
b0b
Posts: 29079
Joined: 4 Aug 1998 11:00 pm
Location: Cloverdale, CA, USA

Post by b0b »

My sister sends me postcards from postcards.org, so I wouldn't want to block them. What I noticed about this one was the link pointed to a Windows program that would have downloaded and run on the machine of an unsuspecting Windows user.

------------------
Bobby Lee
-b0b- quasar@b0b.com
System Administrator