[Hidden-tech] Drum Roll Please.... As another spammer walks tothefinancial guillotine

[Robert Heller]

At Tue, 14 Oct 2008 12:47:05 -0400 ussailis at shaysnet.com wrote:

> 
> Since I have had an email acct (about 1992) I have never read email using a
> "client" on my computer. I always read it from the server. Until the past
> two years, I just struggled thru HTML code, or deleted HTML email without
> reading it.

Hmm... By 'E-Mail client' I mean a program that provides an UI (however
simple) to the mail spool on the server machine. The client can run
locally on the server machine or on another machine.

I don't really believe you just did something like:

cat /var/spool/mail/$USER

The 'bare' BSD mail program is what I would consider an E-Mail client. 
As is pine, elm, and GnuEmacs's mail reader (all 'character cell'
based).

I use spamassassin from a procmail recipe file.  I set 'HTML_ONLY' with 
a very high spam score.  I then have a cron job that delete messages
with the HTML_ONLY spam tag from my spam folder.

> 
> I could never figure out why Mr Bill caused such a program like Outlook to
> change 2 lines of text into over 990 lines of code. Yes, I actually counted
> one of these. My "990 lines" could be off by a reasonable error amount, but
> the two lines of text is not.

Yeah, HTML can be really awful in terms of message size.  And if you
think Outlook is bad, people even use MS-Word as an E-Mail client!  Many
times *worse* than Outlook.

> 
> Read on the server? Up to 1996 I used a VAX and "Mail." From then to 2006 I
> used Telnet & Pine. Now I generally use www.mail2web.com (and ocassionally
> go to HTML because there is no other text format), or use Putty to get to
> the server, and again, use Pine.

VAXMail and pine are E-Mail 'client' programs.  As opposed to a MTA
server program like 'sendmail'.

> 
> www.mail2web.com supports either format.
> 
> What's fun about all this is to look for the hidden pixel, or find the neat
> way that phishers get the sucker to go to their web site that looks exactly
> like PayPal or some bank.
> 
> I have often wondered why PayPal doesn't go after them for using their
> copyright logos and info on an different site, or using the web site
> directly. Possibly PayPal isn't big enough, but Bank of America sure is.
> Assigning this to a small team effort and some lawyers would be a trivial
> cost. 

The E-Mail that 'fakes' PayPal, E-Bay, and on-line banking 'account
problems' never have any ligit contact info available.  And most banks
never send E-Mail directly to their customers at all (ALL of the
on-line banking systems I've ever used have an internal 'E-Mail' system
for messaging). These E-Mails always link to a server somewhere
offshore, often without a real domain name (eg by using a hard-wired IP
address).  The servers are rented using fake names. At best PayPal, et.
al. can sue the ISP/Hosting service, but this is usually fruitless,
since the ISP/Hosting services are not doing anything really illegal
themselves.

Note: PayPal NEVER sends HTML E-Mail.  E-Bay's login screen warns users
to check the location field on the browser to make sure it starts with
'https://www.ebay.com/'.

> 
> I have told some of my users to try www.mail2web.com. It is an excellent
> way to delete spam 100 at a time. Half dozen clicks, and gonzo.
> 
> 
> Jim U.
> jim at nationalwireless.com
>   
> PS Yes, I agree. HTML email is just plain stoopid. Furthermore I think many
> web pages are loaded up with too much code. Often I just want to look
> something. I don't need to look at a museum's worth of pictures of pictures
> in the process.

And the latest Web 2.0 nonsense: instead of using plain old <img> tags,
which can be blocked with browser settings and/or stopped with the
[STOP] button, the images (and other media) are loaded with JavaScript.
The page loads, the [STOP] button greys out, THEN the images start
loading.  This is a total pain when one is on a *slow* dialup, because
it pins your meager bandwidth and the only way to stop it is to 'pull
the plug' (shut down the network connection and then restart it).


> 
> 
> Original Message:
> -----------------
> From: Robert Heller heller at deepsoft.com
> Date: Mon, 13 Oct 2008 17:27:24 -0400
> To: sreed at avacoda.com, hidden-discuss at lists.hidden-tech.net
> Subject: Re: [Hidden-tech] Drum Roll Please.... As another spammer walks
> tothefinancial guillotine
> 
> 
>    ** Be sure to fill out the survey/skills inventory in the member's area.
>    ** If you did, we all thank you.
> 
> 
> At Sun, 12 Oct 2008 21:57:02 -0400 Scott Reed <sreed at avacoda.com> wrote:
> 
> > 
> >    ** Be sure to fill out the survey/skills inventory in the member's
> area.
> >    ** If you did, we all thank you.
> > 
> > 
> > Some spam is just sent to see if the email address is valid. An HTML 
> > image (could be just one white pixel) is included in the body of the 
> > message and when your email client opens the message, it loads the image 
> > from the spammer's server and your email address gets flagged as worthy 
> > of lots more spam. You can avoid this by configuring your email client 
> > not to display images without your confirmation and your subsequent 
> > diligence in confirming display of images only from non-spammers.
> 
> Even better: don't use an E-Mail client that displays HTML at all (or
> completely disable the display of HTML E-Mail). There is no *valid*
> reason for HTML E-Mail, and there never was.  Really.  99.9% of E-Mail
> is nowhere 'formal' enough to need or deserve 'formatting', other than
> the sort of formatting available with the space bar and/or the
> return/enter key.  Do you dig out your fancy acid-free paper and your
> calligraphy pens to scribble a note?  No, you just grab an envelope and
> scribble on the back -- most E-Mail is really just the electronic
> version of this. There are way too many ways to get 'screwed' by HTML
> E-Mail -- not only images via cgi ('web bugs'), but all sorts of fun
> with <embed> tags and JavaScript.  It also eats bandwidth big time -- a
> 100 character plain text E-Mail message can end up as 1k bytes once all
> of the HTML tags, style options, etc. are added in.
> 
> > 
> > ussailis at shaysnet.com [10/10/2008 9:44 PM] wrote:
> > >    
> > > Here's the part that I don't get...
> > >
> > > I get a lot of spam that doesn't have an identifiable product, for
> example
> > > a "little blue pill," has no address to get this product because the
> return
> > > email line is a "no reply," and no other info, other than "male
> > > enhancement."
> > >
> > > Nor does this spam have any attachments.
> > >
> > > Now I can figure out what it is about, but what is the point? To sell
> > > something a communication method is required.
> > >
> > > What is the point of the spam? Why did someone go to the trouble of
> writing
> > > and sending it?
> > >
> > > Jim U.
> > > jim at nationalwireless.com
> > >   
> > _______________________________________________
> > Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> > Hidden-discuss at lists.hidden-tech.net
> > 
> > You are receiving this because you are on the Hidden-Tech Discussion list.
> > If you would like to change your list preferences, Go to the Members   
> > page on the Hidden Tech Web site.
> > http://www.hidden-tech.net/members
> > 
> >                                                                          
> 
> 

-- 
Robert Heller             -- Get the Deepwoods Software FireFox Toolbar!
Deepwoods Software        -- Linux Installation and Administration
http://www.deepsoft.com/  -- Web Hosting, with CGI and Database
heller at deepsoft.com       -- Contract Programming: C/C++, Tcl/Tk