User Tag List

Thanks useful information Thanks useful information:  9
Results 1 to 11 of 11

Thread: SPAM emails : Some advice

  1. #1
    Administrator ricktas's Avatar
    Join Date
    24 Jun 2007
    Location
    Hobart
    Posts
    15,641
    Mentioned
    10 Post(s)
    Tagged
    1 Thread(s)

    SPAM emails : Some advice

    With a few threads discussing spammers at the moment and how they are getting smarter in the way they try and steal from you. I thought it might be prudent to show members something that can assist, if you are unsure about an email you receive.

    Inside each email is a heap of 'hidden code', one thing this code has, is the IP address of the sender. Once you know how to access that code and check an IP address for its geo-location, it can assist in determining if an email is spam.

    Note that IP addresses can be made to appear like another, so do not rely on this as a sole source of determining if an email is legitimate or not, but it can help.

    In this example, I will show screens for Yahoo and Outlook. If you use other software, you may need google assistance in how to get to the header information, embedded within the email.

    Now, inside each email is a hidden header, that header contains all sorts of information about the email, sender, etc. The bit we are going to look for is the senders IP address.

    Here is a Yahoo email (spam) that I received, as an example. It is obviously spam, but in some cases, people can be unsure.

    email.jpg

    In Yahoo to access the header information you click the tools menu (the little cog) and then choose 'view full header',
    email-header-access.jpg
    and the following pop-up displays. As you can see it is mostly unreadable code, but there is in amongst that, some useful details.
    email-header.jpg

    If you scroll down through the header details you will find an originating IP address (this is the IP address of the sender of the email, or their ISP at least. Once you have an IP address, you can geo-locate the sender.
    email-originating-IP-address.jpg
    "It is one thing to make a picture of what a person looks like, it is another thing to make a portrait of who they are" - Paul Caponigro

    Constructive Critique of my photographs is always appreciated
    Nikon, etc!

    RICK
    My Photography

  2. #2
    Administrator
    Threadstarter
    ricktas's Avatar
    Join Date
    24 Jun 2007
    Location
    Hobart
    Posts
    15,641
    Mentioned
    10 Post(s)
    Tagged
    1 Thread(s)
    Now to geo-locate the IP address. There are many websites that let you search on an IP address to find out a generalised physical (planetary) location.

    Some of them are:

    http://whatismyipaddress.com/ip-lookup
    http://www.geobytes.com/ipLocator.htm

    But you can use another if you wish just google "IP Location" to find several.

    It is worth noting that some of these IP location services will return different results for the same IP address. But as long as you get a general idea of where the sender is, then that is all that is needed.

    So we copy the IP address into the IP seach box and do the search
    IP-search.jpg

    The result is we find our friendly watch seller, is located in Russia.
    ip-result.jpg

    As you can see this can be invaluable, and if a result is returned that is from Nigeria, China, Russia, India, Bangladesh and others, especially if the email sender is telling you they are somehwere else, then there is a fairly good chance your email is spam.

    NOTE: As said above, an IP address can be made to appear to be somewhere other than were it is, so do not use the fact that an IP address is from 'nearby' as being a fact. The above is only ONE tool you can use to help you determine if an email is a scam, but do not rely on it as your sole source. Always be diligent and conscious of what information you give via email to someone you do not know, in real life.
    Last edited by ricktas; 04-02-2012 at 8:07am.

  3. #3
    Administrator
    Threadstarter
    ricktas's Avatar
    Join Date
    24 Jun 2007
    Location
    Hobart
    Posts
    15,641
    Mentioned
    10 Post(s)
    Tagged
    1 Thread(s)
    In Outlook.

    Right-Click on the email header that appears in Outlook, then click on Message Options, from the pop-up

    outlook.jpg

    And there are the email header details, so you can scroll through and find the senders IP address.
    outlook-header.jpg

  4. #4
    Arch-Σigmoid Ausphotography Regular ameerat42's Avatar
    Join Date
    18 Sep 2009
    Location
    Nthn Sydney
    Posts
    16,796
    Mentioned
    21 Post(s)
    Tagged
    0 Thread(s)
    A very interesting discourse, Rick. BUT, I always thought that if you opened an email it could then cause some "damage", depending on whether it contained any malware, or at least "phish". Are you saying it's (at least sometimes) OK to open suspect mail?

    (Mine get even shorter shrift: suspicion = deletion w/o opening.)

    Am.
    CC, Image editing OK.

  5. #5
    Administrator
    Threadstarter
    ricktas's Avatar
    Join Date
    24 Jun 2007
    Location
    Hobart
    Posts
    15,641
    Mentioned
    10 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by ameerat42 View Post
    A very interesting discourse, Rick. BUT, I always thought that if you opened an email it could then cause some "damage", depending on whether it contained any malware, or at least "phish". Are you saying it's (at least sometimes) OK to open suspect mail?

    (Mine get even shorter shrift: suspicion = deletion w/o opening.)

    Am.
    Opening an email generally is not an issue, BUT opening an attachment is.

    Often these attachements are EXE files, or ZIP files. Running an EXE file can add software to your computer. ZIP files are compressed files and when you unzip them, often they have an auto-installer embedded in them and thus again, you install something on your computer that you don't want.

    The above is not the only filetype that can be an issue, but opening any attachment from an unknown source is not a good idea. Also attachments from friends, need to be considered carefully, as their email may have been hacked, and although the email comes from someone you know, it may not be safe.

  6. #6
    Arch-Σigmoid Ausphotography Regular ameerat42's Avatar
    Join Date
    18 Sep 2009
    Location
    Nthn Sydney
    Posts
    16,796
    Mentioned
    21 Post(s)
    Tagged
    0 Thread(s)
    OK. Ta for that. I didn't realise the email itself was not such a culprit.
    A week ago I got a couple of emails from a friend who virtually never sends anything. Being (a) momentarily surprised (dope) I clicked on the enclosed link. It was something about working from home. Then I realised. The next one I deleted unopened, and also the next three. I contacted him and learnt that he had had some malware that had hijacked his contacts list. (Anyway, all fixed now.)
    Am.

  7. #7
    Ausphotography Addict Richard Hall's Avatar
    Join Date
    06 Jan 2007
    Location
    Adelaide
    Posts
    5,286
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    If you're serious about privacy and security it's worth mentioning that you should also block remote images and content in all your emails and only allow it on a case by case basis if you're certain it's safe to do so. Simply put, remote content and images are what you see when you receive an email and it pulls images/content down from a remote location into the email.

    You would have seen them before, such as advertising brochure-type emails from many stores for example, those images aren't sent in the email, they're retrieved from a remote location/server when you open the email.

    There's a couple of reasons to block this behaviour; firstly, when the images are retrieved it's possible for any spammers to verify that your email address actually exists and this then opens you up to a flood of spam emails and secondly it IS possible to embed malware executables inside images.
    www.richardhallphotography.com



    Atheism is Myth-understood

  8. #8
    Ausphotography Site Sponsor/Advertiser OzzieTraveller's Avatar
    Join Date
    12 Oct 2009
    Location
    Forster- Tuncurry, eastern Australia
    Posts
    1,600
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Excellent information thankyou all above

    Quote Originally Posted by Richard Hall View Post
    .... remote images and content
    Q- is this bit in your email options OR your windows internet options??
    I can remember seeing this somewhere years ago, but where is the big Q

    Regards, phil
    Of all the stuff in a busy photographers kitbag, the ability to see photographically is the most important
    google me at Travelling School of Photography
    images.: flickr.com/photos/ozzie_traveller/sets/

  9. #9
    Ausphotography irregular Mark L's Avatar
    Join Date
    21 Nov 2010
    Location
    magical Mudgee
    Posts
    18,817
    Mentioned
    26 Post(s)
    Tagged
    0 Thread(s)
    I highly recommend http://www.privacyharbor.com/
    I don't really have a problem with spammers. Any email I receive from an address I haven't sent to, or previously accept from, is caught in a thing called Snapguard. I can preview them, then accept, discard or report as spam.
    This kinda means that I'm notified of the emails from addresses I know, and can worry about the rest later.
    It's w.w.w. based, so can be accessed from anywhere on the web.
    AND IT'S FREE.
    Note for anyone that investigates these folks. When sending an email, click on Private Email (at top left) to send via Common Email to make it easier for the recipient.
    As has been said, don't open attachments from sources you're not sure of.
    Last edited by Mark L; 04-02-2012 at 10:31pm. Reason: spelling

  10. #10
    Ausphotography Addict Richard Hall's Avatar
    Join Date
    06 Jan 2007
    Location
    Adelaide
    Posts
    5,286
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by OzzieTraveller View Post
    Q- is this bit in your email options OR your windows internet options??
    I can remember seeing this somewhere years ago, but where is the big Q

    Regards, phil
    It's a setting in your email client itself, where of course depends on what client you use. Most clients should have retrieve remote content off by default, but it pays to check this and I'm sure many people do download remote images just to see what the content of the email is without a thought to the security issues.

    edit: You can try here for Outlook 2003 and 2007. http://email.about.com/od/outlooktips/qt/et080504.htm (download remote images manually http://email.about.com/od/outlooktips/qt/et081904.htm)

    In Thunderbird it's on by default, so it pays to be aware when you get a warning about blocked remote content to consider where it's coming from before deciding to download it.
    Last edited by Richard Hall; 05-02-2012 at 12:24am.

  11. #11
    Account Closed
    Join Date
    05 Feb 2011
    Location
    CQ
    Posts
    922
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This is a good start, but if you also have a website and are inviting sales enquiries from any Joe Blow, then you are going to attract a lot of spammers and sorting the wheat from the chaff can be problematic. You don't want to get more spam than genuine enquiries, but you don't want to miss a sales opportunity either. I'm not a programmer, so obfuscating email addresses in my website was too difficult for me. Generally I follow the same process that Rick described so well above.

    I take that one step further though and I ban that ISP from access to my website via the .htaccess file, and also delete or reject the mail from my mailserver before it gets into my inbox. Quite frankly I couldn't give a fat rat's arse if they can't see my website in Karachi or New Dehli. Before I banned all Indian IP's from access to my website, I could see them accessing my web pages via my stats package and two hours later, my just published email address would be getting hit with SPAM. Since banning 70% of the world's population (India, China, Pakistan, Bangladesh, Korea, Ukraine, Brazil, Canada, Mexico, and Colombia), my SPAM has reduced to bugger all. A little extreme, I know, butr my blood pressure has come down a few notches since doing it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •