More ado with phishing..

Life is just *way* too short for me to do this at least 10 times a day. I feel sorry for pensioners and net newbies who get caught by these scams but I very much doubt that end recipient reporting is the way to go about dealing with these.

I'm sure that if the will (and the money) existed, 99.9% of them could be intercepted at server level. As it is, Yahoo and Google are very good at filtering them already so the technology exists. Along with that, no one should leave school or finish a computing course of any kind without being taught about Internet scams.

Tim

They are taught about them. Some even become very goos at them :-)

MBQ

Not worth the effort. If they were half way serious players they would accept msgs forwarded to a specified email address with full headers.

(In)Action Fraud is worse than a chocolate fireguard too. They were not even smart enough to configure their own email system to accept the spam and phishing emails they told the public to send them.

Any antiphishing organisation worth its salt will already have more than enough honeypot addresses to collect spam and phishing attacks. There is no point forwarding stuff to these to generic spam sites unless it makes you feel better. The problem is in getting international cooperation to close down bad sites and botnets.

What's it got to do with the server? *I* get to decide whether mail is spam or not. What is spam for me may not be for you. A good spam filter is trainable, but it has to be trained by the end-user.

phorm ...

well I am just making those people who don't know that something can be done, aware.

The faster these get reported, the faster they are blacklisted.

Simply forwarding a phish to an address in your address book is almost as quick as deleting it.

A hell of a lot.

at least 50% of pure spam never reaches your mailbox.

If it comes from blacklisted mail senders.

*I* get to decide whether mail is

Have a look at what most of the ISPs use -

And read the FAQs to see WHY having your OWN spam filter wastes YOUR bandwidth.

I have been busy setting up my own mail service so I don't have to use an ISPs one and well over 50% of the incoming email is now being rejected because

- its addressed to users (in domains I own) that do not and never have existed.

- its coming from IP addresses DIRECTLY to my server that are known 'Dial up' type blocks, and therefore should ONLY be sending mail via their ISP's relay.

- its coming from other IP addresses that are blacklisted as spam originators.

That still leaves me with about 20 messages a day that do get by that are spam.

Actually, since midnight, 23..

Mmm.

Well that's bleeding obvious innit. In my case I wrote my own Bayesian spam filter in PHP as part of the Eudora-alike email client I have written.

Didn't you say above that this is a waste of bandwidth?

How do you know they are dialup blocks? You looking them up in RIPE?

I appear to have had 3 today. One of these is from the Ideal Home Show and at the moment I consider that to be spam so I'm leaving it in the spam folder. If at some time in the future I cease to feel that way, It's simple enough to retrain the spam filter.

Until your email account gets blocked because you're sending out phishing emails... (it's happened to me).

Tim

You reject at the SMTP level, the message body doesn't get transfered as the connection is rejected before that stage. A real MTA will keep trying and eventually bounce the message back to the sender. Spammers tend to only try once, so even simple grey listing can be quite effective in reducing spam and how much bandwidth you use.

Something seems to have been lost in the translation. B-)

As you are aware, if you rely on spam filtering after you have downloaded the body and something turns out to be spam you have "wasted" that download. If you check at server level you can trap out a lot of (in my case most) spam before you download it.

No, its less bandwidth to reject them THERE in some core connected machine room, than download em. And they get rejected the moment they connect.

Because such blocks are recorded by a spam central monitor - in this case spamhaus.org - and a quick check as they connect reveals this, and they get dumped. Before their blather has even been transmitted

You haven't been online as long as I have or sent as many emails..and you probably don't have a domain that looks almost like a well known book company, whose IT department was stupid enough - and probably is still stupid enough, to tell the users that really yes they were mydomain.co.uk and not mydomainco.co.uk.

So they still 5 years after I told them to stop, are sending out email marked as being from my domain, and the replies all bounce back to my domain, and then get rejected because I am NOT Amanda Walker of the mydomain book company....

The there is the case of the email identity I used on Ebay. Golly that's gone all over the world now.

Then my domains were registered at a trusting time too, and my name and address and email address are still there for anyone who trawls the whois register ..

So getting 50% dumped before it hits my ADSL is really a good start.

Maybe you ought to offer to sell it to them? Or rent it to them or provide an email forwarding service on a cost per email basis, say 1p each. "email" being anything sent to that domain and forwarded, spam and all. B-)

Depending on the use of the .co.uk domain you can be a "private individual" and withold your details. Can't (shouldn't!) do that for a domain used commercially.

Yes. But the *way* they do it on that web page suggests that they are as thick as two short planks. No half way competent anti-phishing team needs *humans* to help identify the brand being phished. A list of common brands checked against the subject header will do that easily.

If they need our help to identify the brand being phished what chance is there of them understanding the routing path in the headers?

I suppose on the plus side they are not bouncing the stuff sent to them like Action fraud did.

These things are little more than bit bins to make the great unwashed feel a little bit better about receiving spam and scams. Incidentally some of the latest and greatest phishing attacks are now all but indistinguishable from the real things. The only bits missing are the personal identification and shared security salutation.

Reluctantly, I agree.

The other problem is the stupid behaviour of financial institutions. For example I use Nationwide Building Society, who have a perfectly sensible domain name of nationwide.co.uk, but their on-line banking system uses a different domain name (nationnet.something if I remember correctly) and when they send out mass emails these appear to come from yet another domain. These emails look, at first sight, just like a phishing attempt, and I was very suspicious. So I reported it to Nationwide.

They confirmed it was genuine, so I pointed out that using any domain other than nationwide.co.uk was simply unnecessary and stupid. I couldn't get this simple point to be accepted by their management, and after several rounds, I gave up. So now, all customers of Nationwide have become used to having that institution use at least a handful of different and unpredictable domain names, and so they won't be surprised if the next phishing attempt involves yet another one. Sigh.

Aggh sorry - too late at night.

there wasn't an online in the early 80s.

I think it was 1985 before there was UUCP usenet in the UK.

UUCP itself was only 1979 as an invention.

Quite agree. I did, briefly, try to "do the right thing" and report scams/phishing directly to the relevant corporation. But having to dig through several pages on their websites to find the address to forward stuff to gave up. Perhaps there ought to be a rule insisting that spam@... or whatever has to be accepted by all commercial operations. Even abuse@... isn't always accepted.

I think the really scary stuff is the "man in the browser". At least with an email you can hover over an email/web address and see where it's really pointing to.

SLAC (where I then was) was connected to BITNET sometime in the early

80s. I was certainly exchanging emails with people at CERN from then on. The BITNET connection was only 9600bps but that was fine for most email work, as I don't think it supported attachments although you could send files.

There was also the High Energy Physics DECnet coming up later in the decade, which included most HEP sites in Europe and the US.