PDA

View Full Version : Spam Addressed to TAPCIS.COM


Guerri Stevens
July 1st, 2005, 04:07 PM
I got a piece of spam today. I am using Thunderbird, and I have filters to direct mail from my various Email accounts to separate folders. Anything not matching the filters goes to my Inbox folder. Since I have only three Email accounts right now, that would mean that what lands in the Inbox should have been addressed to me at tapcis.com. And yes, I have tested the filters.

The spam that arrived today was visibly addressed to larsenpbs@compuserve.com. I suspect that I was a blind copy, but if so, shouldn't my Email address appear somewhere?

Telling T-bird to show all headers doesn't reveal anything that relates to me.

The above is all a digression but I would like to know how to see whatever it is that caused the mail to come to me, especially so since I would like to know for sure what Email address was used.

Mainly, though, how do I report this spam to tapcis.com or go daddy or whoever? And if I forward the message, will T-bird correctly include all the header information that might be needed?

Lindsey
July 1st, 2005, 05:22 PM
According to the Help, there's supposed to be a spam-reporting option on the webmail site that will allow you to "train" your spam filter, but that option doesn't appear to be available on the tapcis.com site. I don't know if that's something that can be requested or not; Judy may know.

In any case, there is a button available in the webmail box that will allow you to ratchet up your spam filtering options to filter spam more aggressively (see attached screen shot). I'd advise you to check the box on the web periodically, at least at first, to check your "Bulk mail' folder and be sure that good mail isn't getting snagged by mistake.

And no, if you are blind copied on a message, you won't see your own address in the headers.

--Lindsey

Guerri Stevens
July 1st, 2005, 07:57 PM
I wanted to know to whom I should report the spam, i.e. the equivalent of spam@compuserve.com only for the tapcis.com webmail. In other words, I didn't mean "reporting in order to train the filters" I meant reporting so someone could go after the spammer, assuming that was possible.

I don't really care about spam filtering by the webmail itself, at least I don't think I do right now. But I will check it out anyway.

I don't use my Earthlink account at all, haven't given the address to anyone, and haven't sent any Email with it. I get spam there, though, and decided to use their most rigorous filtering, i.e. if the sender isn't in my Earthlink address book (which is empty), a message gets sent to the sender asking whether he/she wants to be added so that I will then accept mail. So far no one has replied (what a surprise)!

Guerri Stevens
July 1st, 2005, 08:29 PM
... there is a button available in the webmail box that will allow you to ratchet up your spam filtering options to filter spam more aggressively (see attached screen shot).

Well, I checked the webmail site and gave myself several minutes of panic because I never wrote down my Email password and didn't know what I had used! The site helpfully provides a Q&A next to the login information that asks what to do if the password is forgotten and answers that you can go somewhere and CHANGE your password. Of course as far as I could tell, there was no way to go to that place without logging in and if the password is forgotten one cannot log in. Fortunately I finally remembered what the password was.

I decided to leave the spam filtering alone for now. I use the Thunderbird client to read my tapcis.com Email, so it would be a nuisance go to the webmail site all the time to mark the spam first so it could train itself. At least that's my understanding of its operation.

I don't think we should have to live like this (spam filters, virus checkers, you name it).

Guerri

Mike
July 2nd, 2005, 03:56 PM
One of the "Received:" headers may include the address to which the spam was sent. I presume you are not reading your guerri@compuserve.com mailbox with T-bird?

Guerri Stevens
July 2nd, 2005, 08:00 PM
One of the "Received:" headers may include the address to which the spam was sent. I presume you are not reading your guerri@compuserve.com mailbox with T-bird?

I am indeed reading my CompuServe Email with T-bird. Why wouldn't I? Or maybe I should ask why shouldn't I?

I have T-bird set up to automatically filter the mail so that mail addressed to the CompuServe account gets put into the CompuServe folder.

Lindsey
July 5th, 2005, 08:11 PM
I wanted to know to whom I should report the spam, i.e. the equivalent of spam@compuserve.com only for the tapcis.com webmail. In other words, I didn't mean "reporting in order to train the filters" I meant reporting so someone could go after the spammer, assuming that was possible.
Sorry, so far as I know, there is no such address, and even if there were, it would be for the purpose of training filters, not going after spammers.

--Lindsey

Lindsey
July 5th, 2005, 08:14 PM
I don't think we should have to live like this (spam filters, virus checkers, you name it).
Agreed; as far as I am concerned, all spammers should be shot at dawn, but unfortunately, filters are about the best way to fight them at present.

--Lindsey

Mike
July 7th, 2005, 03:04 AM
Are you absolutely certain that there's no way the mail from one mailbox could get intermixed with the mail from another? Did you check the "Received:" headers to see if the address to which it was sent is noted?

Guerri Stevens
July 7th, 2005, 05:27 AM
Are you absolutely certain that there's no way the mail from one mailbox could get intermixed with the mail from another? Did you check the "Received:" headers to see if the address to which it was sent is noted?

Well, the filters I use to put mail from my CompuServe account into my CompuServe folder are based on my personal alias or my numeric ID being in the To field. Neither of the spam messages (I now have 2) includes anything, anywhere, that contains that information. My belief is that I was a blind copy.

The visible address is a numeric CompuServe address on one of the messages, and a CompuServe PA on the other. Thinking this over now, I believe it is extremely likely that the spam *was* to my CompuServe account.

I am also guessing that someone's Email was hijacked for the purpose, at least for the first spam, since the From shown has a name different from what appears in the headers. But I really know nothing about this stuff, so that's just a guess.

Judy G. Russell
July 7th, 2005, 09:30 AM
Thinking this over now, I believe it is extremely likely that the spam *was* to my CompuServe account.
That is by far the most likely.

Guerri Stevens
July 7th, 2005, 08:04 PM
It would be better if, when one is receiving a blind copy, the blind copy receiver's name were included somewhere. My Email address was just not there at all.

Admittedly, I should have guessed that if the visible address was a CompuServe address, mine was likely to be as well.

Judy G. Russell
July 7th, 2005, 08:16 PM
My Email address was just not there at all.
That's one of the things that makes it effective as spam.

Lindsey
July 7th, 2005, 10:05 PM
It would be better if, when one is receiving a blind copy, the blind copy receiver's name were included somewhere.
I think sometimes it appears in an "Apparently to" field, but that would depend on which RFC the mail service was designed to follow.

--Lindsey

Mike
July 8th, 2005, 02:16 AM
It would be better if, when one is receiving a blind copy, the blind copy receiver's name were included somewhere. My Email address was just not there at all.
That depends on the mail servers all along the route of the message.

In some cases, one of them may insert the email address into a "Received:" header. That's why I've mentioned the "Received:" headers a couple of times already.

As Lindsey suggested, in other cases, some mail servers will insert an "Apparently-to:" header.

Guerri Stevens
July 10th, 2005, 08:31 AM
In some cases, one of them may insert the email address into a "Received:" header. That's why I've mentioned the "Received:" headers a couple of times already.
Yes, you have mentioned the "received" headers a couple of times. Each time I have dutifully looked at the Emails. I am using Thunderbird, and unfortunately T-bird does not do a good job of displaying the full headers. It displays them, but there are no scroll bars so whatever is not on the screen cannot be seen. I tried to select and copy the data, but that doesn't work either.

I tried again, this time choosing View>Message Source, which gives me a window from which I can select and copy. Here's a copy of the two "received" entries from one of the messages:

Received: from host180.yousq.com (host180.yousq.com [65.217.169.180] (may be forged))
by siaag2aj.mx.compuserve.com (8.12.11/8.12.7/SUN-2.17) with SMTP id j632iV4d017834;
Sat, 2 Jul 2005 22:44:54 -0400 (EDT)
Received: from localhost [192.168.1.6] by mail5.bigfoot.com with ESMTP
(SMTPD32-7.15) id A9F2DBD83416; Sat, 02 Jul 2005 22:32:02 -0500

Here's a copy from the other message:
Received: from host500022.cotelcam.net.ar (host500022.cotelcam.net.ar [200.59.5.22])
by siaag2aj.mx.compuserve.com (8.12.11/8.12.7/SUN-2.17) with SMTP id j611GicX003282;
Thu, 30 Jun 2005 21:18:20 -0400 (EDT)
Received: from ChadFultonwhz@cox.net by mock by uid 4969 with qmail-scanner-1.28
(clamscan: 0.69. spamassassin: 2.66. Clear:RC:0(255.72.118.120):SA:0(3.7/5.0):.
Processed in 2.21917 secs); Fri, 01 Jul 2005 02:18:20 -0000

I can't see any meaningful information in either of these, or in any other part of the headers for that matter, but would be happy to send them to you if you want them.

Dan in Saint Louis
July 10th, 2005, 09:26 AM
T-bird does not do a good job of displaying the full headers
It sure doesn't. There is a way, if you think it is worth your time: Using a text editor like UltraEdit or Notepad, open the mailbox itself (it lives in your TBird profile). There you will easily spot the headers.

Guerri Stevens
July 10th, 2005, 06:55 PM
View>Message Source also seems to do a good job of displaying the headers with scrollbars and you can copy/paste from it.

I went to the T-bird place where you can report problems, and searched around and I think the problem of the missing scrollbars with the headers has been reported. Don't know how soon it will be fixed, though. Or even if it will be fixed, for that matter.

Mike
July 15th, 2005, 03:05 AM
I tried again, this time choosing View>Message Source, which gives me a window from which I can select and copy.

That's the best method.

Here's a copy of the two "received" entries from one of the messages:

Received: from host180.yousq.com (host180.yousq.com [65.217.169.180] (may be forged))
by siaag2aj.mx.compuserve.com (8.12.11/8.12.7/SUN-2.17) with SMTP id j632iV4d017834;
Sat, 2 Jul 2005 22:44:54 -0400 (EDT)
Received: from localhost [192.168.1.6] by mail5.bigfoot.com with ESMTP
(SMTPD32-7.15) id A9F2DBD83416; Sat, 02 Jul 2005 22:32:02 -0500

Here's a copy from the other message:
Received: from host500022.cotelcam.net.ar (host500022.cotelcam.net.ar [200.59.5.22])
by siaag2aj.mx.compuserve.com (8.12.11/8.12.7/SUN-2.17) with SMTP id j611GicX003282;
Thu, 30 Jun 2005 21:18:20 -0400 (EDT)
Received: from ChadFultonwhz@cox.net by mock by uid 4969 with qmail-scanner-1.28
(clamscan: 0.69. spamassassin: 2.66. Clear:RC:0(255.72.118.120):SA:0(3.7/5.0):.
Processed in 2.21917 secs); Fri, 01 Jul 2005 02:18:20 -0000

In both cases, there's one valid "Received:" header, and one red herring. Usually (but not always), if the headers don't indicate

for <user@example.com>

just before the date, then more than one person at compuserve.com received the message. It wouldn't make sense to list all of the recipients there, so that clause is omitted.