Tag Archives: spam

spam

as of today, these are the TLDs i have blocked from sending email to my server, because of spam:

  • .bid
  • .date
  • .faith
  • .fun
  • .live
  • .online
  • .party
  • .stream
  • .trade
  • .website
  • .win

if your web site is under any one of these TLDs, you’re not going to be able to communicate with me over email, so you might as well give up now. it’s not going to work.

ETA: 180520 add to the previous list:

  • .club
  • .top

… give it up, folks. 😐

why i only accept plaintext email (and why you should, as well)

a couple days ago, a friend mentioned the fact that i only accept plaintext email, and asked if HTML email was against my religion. i said “yes”, and this is why i don’t accept rendered, HTML-formatted email. it is a story with a moral at the end, so pay attention.

today, i got an email that said it was from “DHL Customer Support <support@dhl.com>” and the subject line was “DHL Shipment Notification”…

keep in mind that the “From:” address is one of the easiest things about any email message to forge. among the other easy things to forge are the “Subject:” line, the “To:” line, and the body of the message, which is one of the reasons it’s not uncommon to get spam from “yourself”.

the spam i got contained the following message:

Notification for shipment event group “Delivery Exception” for &email&;
Dear Customer,

This is a notification that your package has experienced an exception, kindly follow the link to update your address: https://www.dhl.com/address_update

however, because of the fact that i only accept plaintext email, this is what i saw:

<p align="LEFT"><span style="font-size:12px;"><span style="font-family:times new roman,times,serif;">This is a notification that your package has experienced an exception, kindly follow the link to update your address:</span> <strong> </strong><font color="#0000ee"><strong> <a href="https://chicagoturfpros.com/wp-includes/css/dhl/login.php?login=ganesha@hybridelephant.com"><span style="font-family:times new roman,times,serif;">https://www.dhl.com/address_update</span></a></strong><span style="font-family:times new roman,times,serif;"> </span></font></span></p>

for those who look carefully, particularly at the bigger sections of the text, you will discover that there’s a link — a href= — and the target of that link is chicagoturfpros.com…

BUT the apparent target of the link is actually dhl.com. this is compounded by the fact that SOMEONE has taken a lot of time and care to make it look like the dhl.com web site, even though it isn’t.

180513 badware

if i accepted rendered HTML-formatted email, i, very likely, would not have seen the fact that, instead of going to dhl.com, i was actually going to chicagoturfpros.com — WHICH IS EXACTLY WHAT THE SPAMMERS WANT TO HAPPEN!

because of the fact that the link also includes my email address, there is also the very strong probability that: 1) i would have clicked the “update address” button without noticing that i’m giving my personal information to “chicagoturfpros.com” or whoever is controlling their web site, and 2) even if i didn’t click the “update address” button, my email address is now a part of the web log for “chicagoturfpros.com” (or whoever is controlling their web site), which means that, even if they didn’t get my personal information, they have what is now a “valid” email address, with which they can, then, send me more spam.
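the two checks described above (link text that shows one host while the href goes to another, and a link that carries the recipient's address), as an added example that is not part of the original post. the sample is the anchor from the message above reduced to the link itself, with a placeholder address; the names `LinkAuditor`, `host` and `audit` are made up for this sketch:

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# constructed sample: the anchor from the spam above, recipient replaced by a placeholder
SAMPLE = ('<p>kindly follow the link to update your address: '
          '<a href="https://chicagoturfpros.com/wp-includes/css/dhl/login.php'
          '?login=user@example.org"><span>https://www.dhl.com/address_update</span></a></p>')

class LinkAuditor(HTMLParser):
    """Collect (href, visible text) for every <a> element, nested tags included."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    # visible text such as "www.dhl.com/..." has no scheme; add "//" so urlsplit finds the host
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()

def audit(html, recipient=None):
    # returns [(real_host, [issue, ...])] for every suspicious link in the HTML body
    parser = LinkAuditor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real, issues = host(href), []
        # only compare when the visible text itself looks like a URL
        shown = host(text) if re.match(r"^(https?://|www\.)\S+$", text, re.I) else ""
        if shown and shown != real:
            issues.append("text shows %s but link goes to %s" % (shown, real))
        values = [v.lower() for _, v in parse_qsl(urlsplit(href).query)]
        if recipient and recipient.lower() in values:
            issues.append("link carries the recipient address")
        if issues:
            findings.append((real, issues))
    return findings
```

legitimate bulk mail that routes links through a click-tracking host will also trip the first check, so treat a hit as a reason to read the raw href, not as a verdict.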

because of the fact that i DO NOT ALLOW rendered, HTML-formatted email on my computer, they (whoever “they” is) don’t get ANY information from me.

which is precisely why you should NEVER allow your email client to render HTML-formatted email.

if you have a regular email client, not accepting rendered HTML-formatted email should be as simple as going to the settings and deselecting “Use HTML by default” or whatever your email client has (this is one of the differences in all email clients). if you use IMAP (web mail) you may or may not have that capability, so your mileage may vary. i very strongly recommend that you use an email client which is compatible with IMAP, and reply from that, even if you do use web mail. it makes things a hell of a lot easier, especially when you’re dealing with spam and identity theft.

i realise this is a lost cause, and that pretty much everyone sends, and receives HTML-formatted email by default, these days, but identity theft is still a MASSIVE problem, and it’s only being made worse by the default preponderance of HTML-formatted email. if you don’t want to have your identity stolen, ONLY ACCEPT PLAINTEXT EMAIL. it won’t guarantee that your identity won’t get stolen, but it will go a long way to make it a lot more difficult to do so.

this has been a public service announcement.

ETA: wordpress is concerned enough about my security that, yesterday, it sent me three notices concerning the fact that the link i provided above, which isn’t even a link, but just a text representation of what the link looks like, is a security risk, and offered to delete the page for me. THAT’S why i only accept plaintext mail. 👍

for further information, read “In Apple Mail, There’s No Protecting PGP-Encrypted Messages”, which gives a contemporary example of why HTML-formatted email is evil.

Rule 3

an example of Rule 3, spammers are stooOOpid…

at 3:24 pm, today, this happened:

180501 stupid crack attempt

at 3:26 pm, today, i blocked 88.99.0.0/16 from accessing my web site.

you may not fit the definition of a spammer, but you are definitely stooOOpid. is it possible that you are a machine? you have not done your owner a favour, you know.

meta spam

i got spam the other day.

big surprise…

i reported it to the upstream provider, as i usually do. one of the upstream addresses to which i sent a report was abuse@rt.ru.

today i got a return receipt from that address. it said “Не прочтено” which means “not read”.

seriously, i wonder why a company as big as Rostelecom would maintain an “abuse@” address and not have it respond to an abuse report. 😕

dear OVH

dear OVH,

i have been reporting, and blocking spam from your network for at least 5 years. i have at least 500 different addresses that you have used to hide behind, so that when the spam-reporting gets too extreme, you just start a new, incomprehensible email address… yes, i’m talking about fp01iidryzteec0r2yld@a.o-w-o.info and mkc7d52oxkmej7gwghxj@a.o-w-o.info and 94nhgu6xjcnivuapgan0@m.o-w-o.info and 0og193qe7kalvv4n0key@z.o-w-o.info and EVERY FUCKING thing in between…

through my moderate poking around, i have discovered that most of these addresses are for Florent Demuynck, Stephane LeSimple, Falco Schmutz, Grillion Alexis, Tarik Benammar, Edouard Vanbelle, Benjamin Ficheland, Laurent Allard, and others (some of whom may or may not still be employees of OVH), and/or their boss, Octave Klaba.

today, for the first time, i have actually blocked someone from OVH for trying to login to this blog… YES, MY BLOG has been probed by 158.69.223.8.

this is a warning: if i EVER catch you or any of your minions poking around my web again, i will block you so fast that it’ll make your head spin.

i’m on to you OVH. don’t push me, or you’ll feel my mallet! 😠