TapcisForum  

Go Back   Tapcis Web Forums > Open Forums > Forum Use and Help

Reply
 
Thread Tools Display Modes
  #1  
Old July 1st, 2005, 04:07 PM
Guerri Stevens Guerri Stevens is offline
Member
 
Join Date: May 2005
Posts: 367
Default Spam Addressed to TAPCIS.COM

I got a piece of spam today. I am using Thunderbird, and I have filters to direct mail from my various Email accounts to separate folders. Anything not matching the filters goes to my Inbox folder. Since I have only three Email accounts right now, that would mean that what lands in the Inbox should have been addressed to me at tapcis.com. And yes, I have tested the filters.

The spam that arrived today was visibly addressed to larsenpbs@compuserve.com. I suspect that I was a blind copy, but if so, shouldn't my Email address appear somewhere?

Telling T-bird to show all headers doesn't reveal anything that relates to me.

The above is all a digression but I would like to know how to see whatever it is that caused the mail to come to me, especially so since I would like to know for sure what Email address was used.

Mainly, though, how do I report this spam to tapcis.com or go daddy or whoever? And if I forward the message, will T-bird correctly include all the header information that might be needed?
Reply With Quote
  View Parent  #2  
Old July 1st, 2005, 05:22 PM
Lindsey's Avatar
Lindsey Lindsey is offline
I'm here for the beer
 
Join Date: May 2005
Location: Richmond, VA
Posts: 5,601
Default

According to the Help, there's supposed to be a spam-reporting option on the webmail site that will allow you to "train" your spam filter, but that option doesn't appear to be available on the tapcis.com site. I don't know if that's something that can be requested or not; Judy may know.

In any case, there is a button available in the webmail box that will allow you to ratchet up your spam filtering options to filter spam more aggressively (see attached screen shot). I'd advise you to check the box on the web periodically, at least at first, to check your "Bulk mail' folder and be sure that good mail isn't getting snagged by mistake.

And no, if you are blind copied on a message, you won't see your own address in the headers.

--Lindsey
Attached Images
File Type: jpg spamset.jpg (47.5 KB, 4 views)
Reply With Quote
  View Parent  #3  
Old July 1st, 2005, 07:57 PM
Guerri Stevens Guerri Stevens is offline
Member
 
Join Date: May 2005
Posts: 367
Default

I wanted to know to whom I should report the spam, i.e. the equivalent of spam@compuserve.com only for the tapcis.com webmail. In other words, I didn't mean "reporting in order to train the filters" I meant reporting so someone could go after the spammer, assuming that was possible.

I don't really care about spam filtering by the webmail itself, at least I don't think I do right now. But I will check it out anyway.

I don't use my Earthlink account at all, haven't given the address to anyone, and haven't sent any Email with it. I get spam there, though, and decided to use their most rigorous filtering, i.e. if the sender isn't in my Earthlink address book (which is empty), a message gets sent to the sender asking whether he/she wants to be added so that I will then accept mail. So far no one has replied (what a surprise)!
Reply With Quote
  View Parent  #4  
Old July 1st, 2005, 08:29 PM
Guerri Stevens Guerri Stevens is offline
Member
 
Join Date: May 2005
Posts: 367
Default

Quote:
Originally Posted by Lindsey
... there is a button available in the webmail box that will allow you to ratchet up your spam filtering options to filter spam more aggressively (see attached screen shot).
Well, I checked the webmail site and gave myself several minutes of panic because I never wrote down my Email password and didn't know what I had used! The site helpfully provides a Q&A next to the login information that asks what to do if the password is forgotten and answers that you can go somewhere and CHANGE your password. Of course as far as I could tell, there was no way to go to that place without logging in and if the password is forgotten one cannot log in. Fortunately I finally remembered what the password was.

I decided to leave the spam filtering alone for now. I use the Thunderbird client to read my tapcis.com Email, so it would be a nuisance go to the webmail site all the time to mark the spam first so it could train itself. At least that's my understanding of its operation.

I don't think we should have to live like this (spam filters, virus checkers, you name it).

Guerri
Reply With Quote
  View Parent  #5  
Old July 2nd, 2005, 03:56 PM
Mike Mike is offline
Mike King (Troublemaker)
 
Join Date: May 2005
Posts: 3,085
Default

One of the "Received:" headers may include the address to which the spam was sent. I presume you are not reading your guerri@compuserve.com mailbox with T-bird?
Reply With Quote
  View Parent  #6  
Old July 2nd, 2005, 08:00 PM
Guerri Stevens Guerri Stevens is offline
Member
 
Join Date: May 2005
Posts: 367
Default

Quote:
Originally Posted by Mike
One of the "Received:" headers may include the address to which the spam was sent. I presume you are not reading your guerri@compuserve.com mailbox with T-bird?
I am indeed reading my CompuServe Email with T-bird. Why wouldn't I? Or maybe I should ask why shouldn't I?

I have T-bird set up to automatically filter the mail so that mail addressed to the CompuServe account gets put into the CompuServe folder.
Reply With Quote
  View Parent  #7  
Old July 5th, 2005, 08:11 PM
Lindsey's Avatar
Lindsey Lindsey is offline
I'm here for the beer
 
Join Date: May 2005
Location: Richmond, VA
Posts: 5,601
Default

Quote:
Originally Posted by Guerri Stevens
I wanted to know to whom I should report the spam, i.e. the equivalent of spam@compuserve.com only for the tapcis.com webmail. In other words, I didn't mean "reporting in order to train the filters" I meant reporting so someone could go after the spammer, assuming that was possible.
Sorry, so far as I know, there is no such address, and even if there were, it would be for the purpose of training filters, not going after spammers.

--Lindsey
Reply With Quote
  View Parent  #8  
Old July 5th, 2005, 08:14 PM
Lindsey's Avatar
Lindsey Lindsey is offline
I'm here for the beer
 
Join Date: May 2005
Location: Richmond, VA
Posts: 5,601
Default

Quote:
Originally Posted by Guerri Stevens
I don't think we should have to live like this (spam filters, virus checkers, you name it).
Agreed; as far as I am concerned, all spammers should be shot at dawn, but unfortunately, filters are about the best way to fight them at present.

--Lindsey
Reply With Quote
  View Parent  #9  
Old July 7th, 2005, 03:04 AM
Mike Mike is offline
Mike King (Troublemaker)
 
Join Date: May 2005
Posts: 3,085
Default

Are you absolutely certain that there's no way the mail from one mailbox could get intermixed with the mail from another? Did you check the "Received:" headers to see if the address to which it was sent is noted?
Reply With Quote
  View Parent  #10  
Old July 7th, 2005, 05:27 AM
Guerri Stevens Guerri Stevens is offline
Member
 
Join Date: May 2005
Posts: 367
Default

Quote:
Originally Posted by Mike
Are you absolutely certain that there's no way the mail from one mailbox could get intermixed with the mail from another? Did you check the "Received:" headers to see if the address to which it was sent is noted?
Well, the filters I use to put mail from my CompuServe account into my CompuServe folder are based on my personal alias or my numeric ID being in the To field. Neither of the spam messages (I now have 2) includes anything, anywhere, that contains that information. My belief is that I was a blind copy.

The visible address is a numeric CompuServe address on one of the messages, and a CompuServe PA on the other. Thinking this over now, I believe it is extremely likely that the spam *was* to my CompuServe account.

I am also guessing that someone's Email was hijacked for the purpose, at least for the first spam, since the From shown has a name different from what appears in the headers. But I really know nothing about this stuff, so that's just a guess.
Reply With Quote
  View Parent  #11  
Old July 7th, 2005, 09:30 AM
Judy G. Russell Judy G. Russell is offline
Chief Cook & BottleWasher
 
Join Date: May 2005
Location: NJ
Posts: 13,076
Default

Quote:
Originally Posted by Guerri Stevens
Thinking this over now, I believe it is extremely likely that the spam *was* to my CompuServe account.
That is by far the most likely.
__________________
-- jgr
Reply With Quote
  View Parent  #12  
Old July 7th, 2005, 08:04 PM
Guerri Stevens Guerri Stevens is offline
Member
 
Join Date: May 2005
Posts: 367
Default

It would be better if, when one is receiving a blind copy, the blind copy receiver's name were included somewhere. My Email address was just not there at all.

Admittedly, I should have guessed that if the visible address was a CompuServe address, mine was likely to be as well.
Reply With Quote
  View Parent  #13  
Old July 7th, 2005, 08:16 PM
Judy G. Russell Judy G. Russell is offline
Chief Cook & BottleWasher
 
Join Date: May 2005
Location: NJ
Posts: 13,076
Default

Quote:
My Email address was just not there at all.
That's one of the things that makes it effective as spam.
__________________
-- jgr
Reply With Quote
  View Parent  #14  
Old July 7th, 2005, 10:05 PM
Lindsey's Avatar
Lindsey Lindsey is offline
I'm here for the beer
 
Join Date: May 2005
Location: Richmond, VA
Posts: 5,601
Default

Quote:
Originally Posted by Guerri Stevens
It would be better if, when one is receiving a blind copy, the blind copy receiver's name were included somewhere.
I think sometimes it appears in an "Apparently to" field, but that would depend on which RFC the mail service was designed to follow.

--Lindsey
Reply With Quote
  View Parent  #15  
Old July 8th, 2005, 02:16 AM
Mike Mike is offline
Mike King (Troublemaker)
 
Join Date: May 2005
Posts: 3,085
Default

Quote:
Originally Posted by Guerri Stevens
It would be better if, when one is receiving a blind copy, the blind copy receiver's name were included somewhere. My Email address was just not there at all.
That depends on the mail servers all along the route of the message.

In some cases, one of them may insert the email address into a "Received:" header. That's why I've mentioned the "Received:" headers a couple of times already.

As Lindsey suggested, in other cases, some mail servers will insert an "Apparently-to:" header.
Reply With Quote
  View Parent  #16  
Old July 10th, 2005, 08:31 AM
Guerri Stevens Guerri Stevens is offline
Member
 
Join Date: May 2005
Posts: 367
Default

Quote:
Originally Posted by Mike
In some cases, one of them may insert the email address into a "Received:" header. That's why I've mentioned the "Received:" headers a couple of times already.
Yes, you have mentioned the "received" headers a couple of times. Each time I have dutifully looked at the Emails. I am using Thunderbird, and unfortunately T-bird does not do a good job of displaying the full headers. It displays them, but there are no scroll bars so whatever is not on the screen cannot be seen. I tried to select and copy the data, but that doesn't work either.

I tried again, this time choosing View>Message Source, which gives me a window from which I can select and copy. Here's a copy of the two "received" entries from one of the messages:

Received: from host180.yousq.com (host180.yousq.com [65.217.169.180] (may be forged))
by siaag2aj.mx.compuserve.com (8.12.11/8.12.7/SUN-2.17) with SMTP id j632iV4d017834;
Sat, 2 Jul 2005 22:44:54 -0400 (EDT)
Received: from localhost [192.168.1.6] by mail5.bigfoot.com with ESMTP
(SMTPD32-7.15) id A9F2DBD83416; Sat, 02 Jul 2005 22:32:02 -0500

Here's a copy from the other message:
Received: from host500022.cotelcam.net.ar (host500022.cotelcam.net.ar [200.59.5.22])
by siaag2aj.mx.compuserve.com (8.12.11/8.12.7/SUN-2.17) with SMTP id j611GicX003282;
Thu, 30 Jun 2005 21:18:20 -0400 (EDT)
Received: from ChadFultonwhz@cox.net by mock by uid 4969 with qmail-scanner-1.28
(clamscan: 0.69. spamassassin: 2.66. Clear:RC:0(255.72.118.120):SA:0(3.7/5.0):.
Processed in 2.21917 secs); Fri, 01 Jul 2005 02:18:20 -0000

I can't see any meaningful information in either of these, or in any other part of the headers for that matter, but would be happy to send them to you if you want them.
Reply With Quote
  View Parent  #17  
Old July 10th, 2005, 09:26 AM
Dan in Saint Louis's Avatar
Dan in Saint Louis Dan in Saint Louis is offline
Member
 
Join Date: May 2005
Location: Saint Louis, Missouri, USA
Posts: 1,093
Default

Quote:
Originally Posted by Guerri Stevens
T-bird does not do a good job of displaying the full headers
It sure doesn't. There is a way, if you think it is worth your time: Using a text editor like UltraEdit or Notepad, open the mailbox itself (it lives in your TBird profile). There you will easily spot the headers.
__________________
--Dan in Saint Louis
Reply With Quote
  View Parent  #18  
Old July 10th, 2005, 06:55 PM
Guerri Stevens Guerri Stevens is offline
Member
 
Join Date: May 2005
Posts: 367
Default

View>Message Source also seems to do a good job of displaying the headers with scrollbars and you can copy/paste from it.

I went to the T-bird place where you can report problems, and searched around and I think the problem of the missing scrollbars with the headers has been reported. Don't know how soon it will be fixed, though. Or even if it will be fixed, for that matter.
Reply With Quote
  View Parent  #19  
Old July 15th, 2005, 03:05 AM
Mike Mike is offline
Mike King (Troublemaker)
 
Join Date: May 2005
Posts: 3,085
Default

Quote:
Originally Posted by Guerri Stevens
I tried again, this time choosing View>Message Source, which gives me a window from which I can select and copy.
That's the best method.

Quote:
Originally Posted by Guerri Stevens
Here's a copy of the two "received" entries from one of the messages:

Received: from host180.yousq.com (host180.yousq.com [65.217.169.180] (may be forged))
by siaag2aj.mx.compuserve.com (8.12.11/8.12.7/SUN-2.17) with SMTP id j632iV4d017834;
Sat, 2 Jul 2005 22:44:54 -0400 (EDT)
Received: from localhost [192.168.1.6] by mail5.bigfoot.com with ESMTP
(SMTPD32-7.15) id A9F2DBD83416; Sat, 02 Jul 2005 22:32:02 -0500

Here's a copy from the other message:
Received: from host500022.cotelcam.net.ar (host500022.cotelcam.net.ar [200.59.5.22])
by siaag2aj.mx.compuserve.com (8.12.11/8.12.7/SUN-2.17) with SMTP id j611GicX003282;
Thu, 30 Jun 2005 21:18:20 -0400 (EDT)
Received: from ChadFultonwhz@cox.net by mock by uid 4969 with qmail-scanner-1.28
(clamscan: 0.69. spamassassin: 2.66. Clear:RC:0(255.72.118.120):SA:0(3.7/5.0):.
Processed in 2.21917 secs); Fri, 01 Jul 2005 02:18:20 -0000
In both cases, there's one valid "Received:" header, and one red herring. Usually (but not always), if the headers don't indicate

for <user@example.com>

just before the date, then more than one person at compuserve.com received the message. It wouldn't make sense to list all of the recipients there, so that clause is omitted.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -5. The time now is 07:33 AM.


Powered by vBulletin® Version 3.7.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.