Spam - might help someone else
#9926 05/15/10 07:26 PM
Joined: Aug 2009
OP Offline
In the last few weeks I have experienced a 400% increase in spam into our business email boxes. I used to get ~100 a day, suddenly it increased to ~100 every few hours. These were coming from Russia, Mexico, China, everywhere. This quadrupled my work load in looking into the email provider's webmail to see what was waiting and had been filtered out by them - and every time I checked Mail, another 20 had made it through their filters anyway. Four times a day, minimum.

Say my business domain was onetwo.com. (It isn't) Emails were arriving addressed to bestonetwo.com, bestonetwopod.com, onetwomag.com, podmagonetwo.com, onetwonerd.com etcetera.

I found a company we used to deal with 6 years ago had a very old page on their website with a years-out-of-date email address to us. I asked them to take the page down, they did. I thought that would stop it. It didn't.

Today, however, wearily clicking through our webmail's trapped spam yet again (I have to do this because sometimes there's a sales enquiry in there), I looked up and saw a tiny suggestion from them on that page. It was not exactly bleedin' obvious.

It said "We suggest that in addition to BoxTrapper you enable SpamAssassin to decrease the load on our servers."

Blinks slowly.

Oh, OhhhhhKayyyyyyy........and enabled SpamAssassin and went off and did something else. A few hours later, when 50 more spams would have arrived by now,

NOTHING! NO SPAMS! TA DAA!!!!

Well, I hope so. Fingers crossed. If I lose some stray sales enquiries because of this, it will have been worth it. I figure they'll get on the old-fashioned telephonic device instead.

Hope that helps someone else.


Re: Spam - might help someone else
Bensheim #9931 05/15/10 11:26 PM
Joined: Aug 2009
Likes: 15
Online
I wonder if the spammers have figured out some new, obnoxious trick, because Verizon's spam filter seems to have sprung a leak that's been dripping for about two weeks, now.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Spam - might help someone else
artie505 #9950 05/16/10 08:56 PM
Joined: Aug 2009
OP Offline
I am ASTONISHED at SpamAssassin's effect! 24 hours later, when hitherto I would have had hundreds of spam emails by now, nothing! Zero Zip Nada, nothing!

I don't know where they're going, but they ain't coming in to me any more. smile

Somewhat squinty-eyed, I emailed some friends and family and asked them to quickly email me back to make sure SpamAssassin isn't catching everything, but their responses came through ok together with some from me, to me, from yahoo/gmail accounts.

Tomorrow, Monday, business day, will be a proper test.

And I have never understood the world-wide spam industry. What is the point of creating millions of fake emails? If their intention is to upset and irritate millions of other people, how would they know that they have done that? Why do that anyway? There is no end result, is there? They're not selling anything. If you Google "how much internet traffic is spam?" you get 90% as an instant response. shocked confused

Re: Spam - might help someone else
Bensheim #9951 05/16/10 09:22 PM
Joined: Aug 2009
Likes: 1
Online
Originally Posted By: Bensheim
"We suggest that in addition to BoxTrapper you enable SpamAssassin to decrease the load on our servers."


And this was free?

Re: Spam - might help someone else
Gregg #9967 05/17/10 06:25 AM
Joined: Aug 2009
Likes: 1
Offline
Depends on the Web host. With many Web hosts, such as Hostgator, SpamAssassin and BoxTrapper are indeed free.

I've been noticing a lot of spam getting through my spam filters lately. A lot of it traces back to residential IP addresses belonging to compromised Windows PCs (of course). I suspect the rise of the ZeuS botnet has a great deal to do with it.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: Spam - might help someone else
Bensheim #10599 06/18/10 07:10 PM
Joined: Aug 2009
OP Offline
May 16th I see I wrote that.

One month later, I have just had this astonishing email from my business email service provider. I had to read it twice, slowly.

--------------------

Dear Hosting Customer,

We would like to inform you that your account (xxxxxxxx) has been sending and receiving huge volume of spam messages that caused high load to the server. This affected all other users on the server as well.

We would kindly like to ask you to inform to clean your Pcs if you have set up your email accounts on an email client from any spam-sending software or viruses. If your account continues to send spams, we will have to suspend the service until the account is clean. We don't want to do this but we have to.

Below are the email accounts we suspect that are sending huge amount of spam messages.
xxx@xxxxxxxx.xx <----------my email address which I've x'd out

We will be monitoring this. Thanks.
-------------------------------

They think I'm the spammer? They think I am generating hundreds (thousands?) of emails from here and sending them to everyone including myself?

DearGODS, they can see the full headers! They can see that I have enabled BoxTrapper and SpamAssassin! They can see that I delete the sodding things when they come into my mail box! I would not know how to even begin to start sending spams let alone how to spoof someone else's "from" address, as someone clearly has done with mine.

I am very upset about this, as if I don't have enough on my plate already. mad

Re: Spam - might help someone else
Bensheim #10605 06/18/10 08:31 PM
Joined: Aug 2009
Likes: 1
Moderator
Offline
Well, before you get all too worked up, let’s consider what your hosting provider (assuming that source is not in question!) just said:
1. You’re receiving a ton of spam.
2. You’re sending a ton of spam.
As responsible providers they’re doing exactly what they’re supposed to in such circumstances: notify you.

With regard to item #1, you seem to have done pretty much what you can do, although that won’t have much if any effect on what hits your provider’s mail servers. Hard to see how they can blame you, let alone find grounds to sanction you when they can put filters in place themselves. Still, it won’t hurt to ask for more details.

Item #2 is far more serious, since your provider can verify the source of the spam originating from its network, and if they say it’s you, they may be right. If true, that means that one or more of your computers has been subverted and cranking out spam with you blissfully unaware of this. Nobody really says (nor cares if) you’re doing it knowingly, as long as your hardware’s the source. smirk

Again, it won’t hurt to ask your provider for more details, and check your computer(s) for a possible source. Windows boxes may be first suspects, but Macs are not impervious. After all, there's such a thing as 'operator SNAFU', and I assume you're not the only person in the company.


alternaut moderator
Re: Spam - might help someone else
Bensheim #10607 06/18/10 11:54 PM
Joined: Aug 2009
cyn Online
Administrator
Are you positive that email is from your business email service provider? From here it looks fake.

Right off the bat "Dear Hosting Customer" is a red flag to me, as I'd expect them to address you by name when informing you about such a problem. And I can't even figure out what "We would kindly like to ask you to inform to clean your Pcs if you have set up your email accounts on an email client from any spam-sending software or viruses." is supposed to mean.


FineTunedMac Forums Admin
Re: Spam - might help someone else
Bensheim #10619 06/19/10 02:58 PM
Joined: Aug 2009
Likes: 14
Offline
I agree with Cyn. The grammar certainly smells like a scam of some kind.

Since you are likely not the only customer receiving this kind of "warning" your ISP would want to know about it. I'd forward the email to the ISP with a note about your concerns.

ryck

Re: Spam - might help someone else
cyn #10623 06/19/10 05:24 PM
Joined: Aug 2009
OP Offline
Cyn,

It is from them. I can see all the headers if (in Mail on my Mac) I click on View > Message > Long headers

Plus, the author does not have English as a first language. She's been there for years and we have emailed each other in the past over technical issues. She always writes like that. As if she's written in her own language and then translated it.

Having said that, I have no idea what she means either. Set up your email accounts on an email client from any spam-sending software?

THEY HOST OUR DOMAIN! How could I set up my email accounts anywhere else? Just by asking that question shows how little I know about this sh*t and how much I trust them, my business domain-host and email-provider, to do their end of the job.

(Note: my "real" ISP - my internet service provider - is another outfit entirely. And glory be, thankGOD, I have never had a single whisper of an iota of a nanosecond of any problems with them whatsoever in the whatever-years I've been with them.

The only reason they don't also get the domain-hosting and email provision is because I don't want to put all my internet needs in one basket.)

Re: Spam - might help someone else
alternaut #10624 06/19/10 05:39 PM
Joined: Aug 2009
OP Offline
Originally Posted By: alternaut
Well, before you get all too worked up, let’s consider what your hosting provider (assuming that source is not in question!) just said:
1. You’re receiving a ton of spam.
2. You’re sending a ton of spam.
As responsible providers they’re doing exactly what they’re supposed to in such circumstances: notify you.

With regard to item #1, you seem to have done pretty much what you can do, although that won’t have much if any effect on what hits your provider’s mail servers. Hard to see how they can blame you, let alone find grounds to sanction you when they can put filters in place themselves. Still, it won’t hurt to ask for more details.


Again, to show how little I know about this and how trusting I am - IF I were sending shed-loads of spam, wouldn't that show in my out-box?

I'm not sending spam! I'm a victim of their hosted spam too! And as far as I can see I've done all I can to stop it.

I have replied with (commendable) restraint asking them to look at the headers and stating that since my email address has clearly been spoofed by spammers there's nothing I can do about it, is there?

Quote:
Item #2 is far more serious, since your provider can verify the source of the spam originating from its network, and if they say it’s you, they may be right. If true, that means that one or more of your computers has been subverted and cranking out spam with you blissfully unaware of this. Nobody really says (nor cares if) you’re doing it knowingly, as long as your hardware’s the source. smirk

Again, it won’t hurt to ask your provider for more details, and check your computer(s) for a possible source. Windows boxes may be first suspects, but Macs are not impervious. After all, there's such a thing as 'operator SNAFU', and I assume you're not the only person in the company.


What are Windows boxes?

No I'm not the only one here, this is a two-man operation. But my partner can barely send a two-line email, he needs supervision just to do that.

In any case, I don't need to explain this set-up to them, we are not initiating the spam. Plus, I am frankly askance at their threat to suspend our business emailing when I have been a paying customer for so long - years and years.

Actually, their "warning" to suspend our accounts is almost offensive. I reckon.

mad

They don't work weekends. Therefore I won't get a reply till Monday at the earliest.

Re: Spam - might help someone else
Bensheim #10629 06/19/10 07:49 PM
Joined: Aug 2009
Offline
It would be even more suspicious if they were giving you a link to the software to "clean" your computer, or worse yet, attached it in the email.


I work for the Department of Redundancy Department
Re: Spam - might help someone else
Bensheim #10633 06/19/10 09:34 PM
Joined: Aug 2009
Likes: 1
Moderator
Offline
First off, as has been variously suggested above, the sender of that email may not be your hosting provider. That's easily verified, and should your provider indeed have sent the email, you can ask for more details. If it turns out that you're the source of spam (again, by no means certain at this point), it is most likely because one (or more) of your computers has been subverted and may now be active as part of a botnet, which are widespread among Windows computers ('boxes').

You wouldn't necessarily notice anything of this activity (it won't show up in your standard email programs), except perhaps when it interferes with your computer or internet use. Again, if the message originated with your provider, it's to be taken at face value and not as a personal insult. As Virtual1 suggested, do not respond to such messages by replying to them, following links contained in them, or running software attached to them. Instead, as with all potential phishing attempts, contact your provider via the support channel they communicated to you when you started working with them.

Until you have discussed things with your provider, there's no reason not to relax, let things be as they are and enjoy your weekend. laugh


alternaut moderator
Re: Spam - might help someone else
Bensheim #10634 06/19/10 10:49 PM
Joined: Aug 2009
Likes: 1
Offline
Originally Posted By: Bensheim
Again, to show how little I know about this and how trusting I am - IF I were sending shed-loads of spam, wouldn't that show in my out-box?


No. The spam is not being sent from your email program.

Nearly all computer viruses these days are not written by bored teenage kids trying to prove a point, in spite of what the common misperception says. Nearly all modern computer viruses are written by organized crime for profit (and lots of it; security firm Panda Labs estimates that the Russian mafia makes about $15,000,000 dollars per month from writing computer viruses, meaning that viruses are now more profitable than the typical organized crime trifecta of drugs, prostitution, and extortion).

The majority of modern computer viruses are actually email server programs. They run a secret mail server on your computer, which allows organized crime to remotely access your computer and relay spam through it--sometimes, depending on the speed of your computer and your Internet connection, tens of thousands of emails per hour. Almost all spam comes from virus-infected PCs whose owners have no clue they have been taken over and used as spam relays.

Originally Posted By: Bensheim
I'm not sending spam! I'm a victim of their hosted spam too! And as far as I can see I've done all I can to stop it.


Are you SURE you are not sending spam? If you have a computer in your house that is infected by a virus, you could be sending 20,000 spam messages an hour and not know it.

Originally Posted By: Bensheim
What are Windows boxes?


Any computer running Microsoft Windows. This includes Macs that are running Microsoft Windows using Boot Camp or Parallels or so on.

So far, there are no Mac spam-relay viruses. There are hundreds of thousands of Windows spam-relay viruses. At the moment, on average, a Windows XP computer that is not running antivirus software and is connected to the Internet with no firewall is infected with a virus in about 20 minutes.

Originally Posted By: Bensheim
No I'm not the only one here, this is a two-man operation. But my partner can barely send a two-line email, he needs supervision just to do that.


Then he is a very likely candidate to be the culprit, if he is running Windows. People who are not computer savvy are most at risk of being infected with viruses. It actually takes a fairly high amount of technical skill to keep a Windows computer clean.

Originally Posted By: Bensheim
In any case, I don't need to explain this set-up to them, we are not initiating the spam. Plus, I am frankly askance at their threat to suspend our business emailing when I have been a paying customer for so long - years and years.

Actually, their "warning" to suspend our accounts is almost offensive. I reckon.


They HAVE to do this, to protect their network.

It is not clear from the email they sent what they believe the source of the spam is. There are actually two possibilities.

The first possibility is the one that I have already talked about. You have a computer somewhere that is running Microsoft Windows and has been taken over by organized crime. That computer, totally without your knowledge, is being remotely controlled by criminals and is being used to send spam.

There is another possibility as well. That is that all your computers are fine, but your Web site has been taken over.

There are three common ways to hack a Web site. The first is to exploit buggy or insecure programs that you might be running on your Web site. WordPress that has not had security updates installed, improperly secured forum software such as phpBB, or improperly secured content management software are common. If you have a shopping cart program on your Web site but it has not been configured properly, it can be hacked.

The second is if you use a bad password on your Web site for remote access or FTP. There are programs out there which scan through huge numbers of Web sites trying to guess bad, weak, or commonly used passwords. They make lists of Web sites which use bad passwords and automatically send those lists to organized crime.

The third is if you or your partner have been tricked. Criminals will use all sorts of very persuasive-seeming cons to trick Web owners into giving up their Web site passwords. They might send you an email telling you that there is a problem with your Web site and you need to click on a link to fix it. They might tell you that your computer has a virus and you need to download a program to fix the virus (the program they trick you into downloading is designed to steal your Web or FTP passwords). They might say that your domain or your Web hosting will expire if you don't "confirm your identity" by logging on to a realistic-looking Web page designed to look exactly like your Web host.

In any event, once organized crime has your Web site password, it's all over. They have full control over everything on your site. They can look at or change your Web pages. They can see who accesses your Web site. They can install viruses on your Web site that automatically download to anyone who visits your site. If you have a shopping cart on your site, they can get the names and credit card numbers of all your customers. And they can put Web server programs on your Web site that allow them to take over your Web server and turn it into a mail server to send spam.

You need to talk directly to your Web host. Ask them if the spam is coming from your Web server or from a personal computer on your network.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: Spam - might help someone else
tacit #10645 06/20/10 10:30 AM
Joined: Aug 2009
OP Offline
Thank you for the long reply.

There are 4 Macs here. There are no PCs. We do not run Windows, ever. We have never run Windows. I wouldn't even know how to run Windows on a Mac and have no need to.

We do not have a website.

We only use Apple software or Mac software, viz:
iWorks08 (Pages, Numbers and very occasionally Keynote to open powerpoint files)
DeltaGraph
FileMaker
AppleWorks
Firefox
iPhoto
iTunes
Mail
and very occasionally IE for Mac (because, believe it or not, some websites only work on IE not Firefox or Safari).
That's about it.



Re: Spam - might help someone else
Bensheim #10654 06/20/10 11:20 PM
Joined: Aug 2009
Likes: 1
Offline
It sounds like the best course of action would be to explain that to your email hosting provider and to ask them for documentation of the spam you're purportedly sending out.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: Spam - might help someone else
tacit #10678 06/22/10 04:32 PM
Joined: Aug 2009
OP Offline
Hi Tacit, I did that and must have been very polite and restrained, because it yielded the following response:

Dear xxxxxxxx, <---- my name, x'd out

Thank you for investigating this one on your end as well.
I do understand that is why we are also investigating this one further.

During our initial investigation, your email account xxx@xxxxxxx has been sending and receiving a huge amount of spam that caused delays and email problems to the server which affected other customers.

It seems that your account is sending looping messages to support@ncsoft.com and you are receiving messages from this account as well. Do you remember sending message to this email address?

Don't worry, we are investigating this and we will update you further. Thank you for your cooperation with us.

Kind regards,

Xxxxxxxx <---- name of sender x'd out

----------
My response:

Dear Xxxxxxxx <---- name of sender x'd out

I have never heard of ncsoft and have therefore looked them up on the internet. There is your answer: they are the spammers.

They turn out to be a Korea-based on-line computer games company. I can 1000% assure you that no one here plays on-line computer games, never has done and never will ! There are no children here, and no visitors with access to our computers, ever.

I can only suggest that you take steps to ban them completely from your servers. You have my permission to do whatever it takes to ban them from our xxxxxxxxxx account.

--------
Her response

Dear xxxxxxxxxxxx,

Rest assured that we will make the necessary steps to block this domain name from our servers.
Thank you also for checking this with us and cooperating to resolve this issue.

We won't suspend your accounts because we understand this is important to your business.
We will update you once we will find something to stop this.
Thank you once again.

Kind regards,
Xxxxxxx
------------

SO, what d'you think?

Thanks

Re: Spam - might help someone else
Bensheim #10688 06/23/10 04:54 AM
Joined: Aug 2009
Likes: 1
Offline
ncsoft is a well-known and respected maker of popular MMO games. They are not the spammer.

However, I may have a better idea of what is going on, because my own email account just got hit with exactly the same problem. Your email password: how secure is it? Does it contain letters and numbers both? Is it a word that's in the dictionary?

My own email account has been sending a huge quantity of spam lately. As it turns out, there is a spam group in the Ukraine that has over the past couple of weeks launched an extremely aggressive password-cracking campaign. They collect millions of email addresses and then try to hack into them using automated software that runs through hundreds of thousands of passwords trying to guess the password. If they successfully guess a password, they start sending spam from that email address.

Ask your ISP to send you one of the spam emails that you are supposedly sending. There is a good chance that it DID come from your email address, but from an IP address starting with 200. If that is so, *immediately* change your email passwords. Also make sure that you do not have an automatic reply set up in your email. One of the things these spammers are doing is setting up an auto reply so that anyone who emails you is automatically sent a reply that contains a spam link.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
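
Added example (not part of the original thread and not any poster's code): a Python sketch of the header check discussed above, telling apart the three cases the thread raises: a forged From line, an authenticated login from an unfamiliar IP address, and an auto-reply. The provider host suffix, the office address range and all three sample messages are constructed assumptions; `ESMTPA`/`ESMTPSA` are the RFC 3848 keywords a mail server records for authenticated submission, and `Auto-Submitted` is the RFC 3834 auto-reply header.

```python
import email
import ipaddress
import re
from email import policy

# Assumptions for this example: provider host suffix and the office address range.
PROVIDER_SUFFIX = ".mailhost.example"
KNOWN_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed samples (documentation addresses and example domains only).
SPOOFED = """
Received: from unknown (HELO pc-77.isp.example) [203.0.113.77]
    by mx1.mailhost.example with ESMTP id 1OPabc-0001; Fri, 18 Jun 2010 10:00:00 +0000
From: owner@example.com
To: owner@example.com

body
"""
STOLEN = """
Received: from [198.51.100.23] (helo=user)
    by smtp.mailhost.example with esmtpa id 1OPdef-0002; Fri, 18 Jun 2010 10:05:00 +0000
From: owner@example.com
To: someone@recipient.example

body
"""
AUTO_REPLY = """
Received: from localhost by smtp.mailhost.example with local id 1OPghi-0003; Fri, 18 Jun 2010 10:06:00 +0000
Auto-Submitted: auto-replied
From: owner@example.com
To: helpdesk@vendor.example

body
"""

def parse_hops(msg):
    """Return one dict per Received header, newest hop first."""
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(str(value).split())          # undo header folding
        ip = re.search(r"\[([0-9A-Fa-f:.]+)\]", text)
        by = re.search(r"\bby\s+(\S+)", text)
        proto = re.search(r"\bwith\s+(\S+)", text)
        hops.append({
            "ip": ip.group(1) if ip else None,
            "by": by.group(1).lower() if by else "",
            "with": proto.group(1).upper() if proto else "",
        })
    return hops

def classify(raw):
    """Return (verdict, client_ip) for one raw message."""
    msg = email.message_from_string(raw.lstrip(), policy=policy.default)
    if str(msg.get("Auto-Submitted", "no")).strip().lower() != "no":
        return "auto-reply", None
    for hop in parse_hops(msg):
        # Only hops stamped by the provider are considered; Received lines
        # written by other hosts can be forged by the sender.
        if (not hop["by"].endswith(PROVIDER_SUFFIX)
                or hop["with"] not in ("ESMTPA", "ESMTPSA") or not hop["ip"]):
            continue
        try:
            addr = ipaddress.ip_address(hop["ip"])
        except ValueError:
            continue
        known = any(addr in net for net in KNOWN_NETS)
        return ("authenticated-known-ip" if known else "authenticated-unknown-ip"), hop["ip"]
    return "from-address-only", None
```

A verdict of `authenticated-unknown-ip` corresponds to the guessed-password case, where the password should be changed at once; `from-address-only` means the message never passed the provider's authenticated submission and only the From line carries the address.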
