#1
|
|||
|
|||
Spam Addressed to TAPCIS.COM
I got a piece of spam today. I am using Thunderbird, and I have filters to direct mail from my various Email accounts to separate folders. Anything not matching the filters goes to my Inbox folder. Since I have only three Email accounts right now, that would mean that what lands in the Inbox should have been addressed to me at tapcis.com. And yes, I have tested the filters.
The spam that arrived today was visibly addressed to larsenpbs@compuserve.com. I suspect that I was a blind copy, but if so, shouldn't my Email address appear somewhere? Telling T-bird to show all headers doesn't reveal anything that relates to me. The above is all a digression but I would like to know how to see whatever it is that caused the mail to come to me, especially so since I would like to know for sure what Email address was used. Mainly, though, how do I report this spam to tapcis.com or go daddy or whoever? And if I forward the message, will T-bird correctly include all the header information that might be needed? |
|
|||
I wanted to know to whom I should report the spam, i.e. the equivalent of spam@compuserve.com only for the tapcis.com webmail. In other words, I didn't mean "reporting in order to train the filters" I meant reporting so someone could go after the spammer, assuming that was possible.
I don't really care about spam filtering by the webmail itself, at least I don't think I do right now. But I will check it out anyway. I don't use my Earthlink account at all, haven't given the address to anyone, and haven't sent any Email with it. I get spam there, though, and decided to use their most rigorous filtering, i.e. if the sender isn't in my Earthlink address book (which is empty), a message gets sent to the sender asking whether he/she wants to be added so that I will then accept mail. So far no one has replied (what a surprise)! |
|
|||
Quote:
I decided to leave the spam filtering alone for now. I use the Thunderbird client to read my tapcis.com Email, so it would be a nuisance go to the webmail site all the time to mark the spam first so it could train itself. At least that's my understanding of its operation. I don't think we should have to live like this (spam filters, virus checkers, you name it). Guerri |
|
|||
One of the "Received:" headers may include the address to which the spam was sent. I presume you are not reading your guerri@compuserve.com mailbox with T-bird?
|
|
|||
Quote:
I have T-bird set up to automatically filter the mail so that mail addressed to the CompuServe account gets put into the CompuServe folder. |
|
||||
Quote:
--Lindsey |
|
||||
Quote:
--Lindsey |
|
|||
Are you absolutely certain that there's no way the mail from one mailbox could get intermixed with the mail from another? Did you check the "Received:" headers to see if the address to which it was sent is noted?
|
|
|||
Quote:
The visible address is a numeric CompuServe address on one of the messages, and a CompuServe PA on the other. Thinking this over now, I believe it is extremely likely that the spam *was* to my CompuServe account. I am also guessing that someone's Email was hijacked for the purpose, at least for the first spam, since the From shown has a name different from what appears in the headers. But I really know nothing about this stuff, so that's just a guess. |
|
|||
Quote:
__________________
-- jgr |
|
|||
It would be better if, when one is receiving a blind copy, the blind copy receiver's name were included somewhere. My Email address was just not there at all.
Admittedly, I should have guessed that if the visible address was a CompuServe address, mine was likely to be as well. |
|
|||
Quote:
__________________
-- jgr |
|
||||
Quote:
--Lindsey |
|
|||
Quote:
In some cases, one of them may insert the email address into a "Received:" header. That's why I've mentioned the "Received:" headers a couple of times already. As Lindsey suggested, in other cases, some mail servers will insert an "Apparently-to:" header. |
|
|||
Quote:
I tried again, this time choosing View>Message Source, which gives me a window from which I can select and copy. Here's a copy of the two "received" entries from one of the messages: Received: from host180.yousq.com (host180.yousq.com [65.217.169.180] (may be forged)) by siaag2aj.mx.compuserve.com (8.12.11/8.12.7/SUN-2.17) with SMTP id j632iV4d017834; Sat, 2 Jul 2005 22:44:54 -0400 (EDT) Received: from localhost [192.168.1.6] by mail5.bigfoot.com with ESMTP (SMTPD32-7.15) id A9F2DBD83416; Sat, 02 Jul 2005 22:32:02 -0500 Here's a copy from the other message: Received: from host500022.cotelcam.net.ar (host500022.cotelcam.net.ar [200.59.5.22]) by siaag2aj.mx.compuserve.com (8.12.11/8.12.7/SUN-2.17) with SMTP id j611GicX003282; Thu, 30 Jun 2005 21:18:20 -0400 (EDT) Received: from ChadFultonwhz@cox.net by mock by uid 4969 with qmail-scanner-1.28 (clamscan: 0.69. spamassassin: 2.66. Clear:RC:0(255.72.118.120):SA:0(3.7/5.0):. Processed in 2.21917 secs); Fri, 01 Jul 2005 02:18:20 -0000 I can't see any meaningful information in either of these, or in any other part of the headers for that matter, but would be happy to send them to you if you want them. |
|
||||
Quote:
__________________
--Dan in Saint Louis |
|
|||
View>Message Source also seems to do a good job of displaying the headers with scrollbars and you can copy/paste from it.
I went to the T-bird place where you can report problems, and searched around and I think the problem of the missing scrollbars with the headers has been reported. Don't know how soon it will be fixed, though. Or even if it will be fixed, for that matter. |
|
|||
Quote:
Quote:
for <user@example.com> just before the date, then more than one person at compuserve.com received the message. It wouldn't make sense to list all of the recipients there, so that clause is omitted. |
Thread Tools | |
Display Modes | |
|
|