Stopping Chinese Language Spam

  • Thread starter NEOclassic
Hello Email dependent colleagues,
By the time I got into this business I was pestered by spam but was relieved to find at the bottom of a page an offer to cease the unwanted postings.
Shortly, having failed to achieve success because, as someone informed me, any response received by a spammer was an indication that I was still alive and active and a signal to keep on spamming.
I have tried merely sending a "reply" but was frustrated by the web-master who couldn't reply because of the great multitude of addresses that the website couldn't handle.
Recently, I started receiving Chinese language messages and there seemed to be no way to get it turned off. So I tried the trick of copying the reply address and then bringing up the forwarding address which was blank and awaiting my input which I then pasted in and then sent. Usually, the Web master refused to send for want of a legal address - but apparently I had successfully forwarded the spam somewhere - perhaps back to China. Hereafter I'm going to try this reply-forward trick on Viagra, girly-girly, Insurance etc etc.

Let's all do it and perhaps the PF faithful membership can do something about unwanted stuff. Sincerely, Jim Osborn
 

damgo

You're still just reaching the spammers themselves, who use it to verify your address. What you need to do is turn on the option to "show full message headers" -- in Outlook I think it's 'message properties' -- and look for lines at the top that look like:
Code:
Received: from 34.52.24.123 (mx3foo.bar.com)
          by mail.myserver.edu
          for <myemail@myaddress.edu>; Sun 23 May 04:23:13
The exact format varies, but that tells you where the mail really came from -- here it's bar.com, often it will be hotmail or aol or something. Sometimes there will be more than one such line, in which case you should follow it all the way back. Then forward the message to abuse@bar.com, obviously replacing bar.com with wherever you got from the above Received lines.

Return-Path, Reply-To, and From headers are almost always forged on spam.
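
The Received-line reading described in the post above, as an added example that is not part of the original thread: it parses every Received header of a message and picks out the hop recorded by your own mail server, which is the only hop a sender cannot forge. The second Received line, the `10.9.8.7` address and the names `parse_hops` and `trusted_origin` are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample (not real mail). The first Received line follows the
# post's format; the second is made up to show a multi-hop chain.
RAW = """\
Received: from 34.52.24.123 (mx3foo.bar.com)
          by mail.myserver.edu
          for <myemail@myaddress.edu>; Sun 23 May 04:23:13
Received: from localhost (unknown [10.9.8.7])
          by mx3foo.bar.com with SMTP; Sun 23 May 04:23:01
From: "Friend" <someone@example.com>
Subject: constructed sample

body
"""

# "from <token> (<optional detail>) ... by <recording server>"
HOP_RE = re.compile(
    r"from\s+(?P<claimed>\S+)(?:\s+\((?P<detail>[^)]*)\))?.*?\bby\s+(?P<by>\S+)",
    re.S | re.I,
)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_hops(raw):
    """Return the Received hops top-down (newest first), as the headers appear."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(value)
        if not m:
            continue  # formats vary; skip lines we cannot read
        detail = m.group("detail") or ""
        ip = IP_RE.search(m.group("claimed") + " " + detail)
        hops.append({
            "claimed": m.group("claimed"),
            "detail": detail,
            "ip": ip.group(0) if ip else None,
            "by": m.group("by").rstrip(";").lower(),
        })
    return hops

def trusted_origin(hops, my_servers):
    """Deepest hop written by a server we control: the host that handed us the mail.
    Hops below it were written by other parties and may be forged."""
    origin = None
    for hop in hops:
        if hop["by"] not in my_servers:
            break
        origin = hop
    return origin
```

Call `trusted_origin(parse_hops(RAW), {"mail.myserver.edu"})` with the name your own provider's server uses in its `by` clause; the IP it returns is the one to look up when choosing an abuse contact.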
 
Thanks

Originally posted by damgo
You're still just reaching the spammers themselves, who use it to verify your address. What you need to do is turn on the option to "show full message headers" -- in Outlook I think it's 'message properties' -- and look for lines at the top that look like:
Code:
Received: from 34.52.24.123 (mx3foo.bar.com)
          by mail.myserver.edu
          for <myemail@myaddress.edu>; Sun 23 May 04:23:13
The exact format varies, but that tells you where the mail really came from -- here it's bar.com, often it will be hotmail or aol or something. Sometimes there will be more than one such line, in which case you should follow it all the way back. Then forward the message to abuse@bar.com, obviously replacing bar.com with wherever you got from the above Received lines.

Return-Path, Reply-To, and From headers are almost always forged on spam.
Thank you damgo!
 
Hi damgo

Originally posted by damgo
You're still just reaching the spammers themselves, who use it to verify your address. What you need to do is turn on the option to "show full message headers" -- in Outlook I think it's 'message properties' -- and look for lines at the top that look like:
Code:
Received: from 34.52.24.123 (mx3foo.bar.com)
          by mail.myserver.edu
          for <myemail@myaddress.edu>; Sun 23 May 04:23:13
The exact format varies, but that tells you where the mail really came from -- here it's bar.com, often it will be hotmail or aol or something. Sometimes there will be more than one such line, in which case you should follow it all the way back. Then forward the message to abuse@bar.com, obviously replacing bar.com with wherever you got from the above Received lines.

Return-Path, Reply-To, and From headers are almost always forged on spam.
Hi damgo,
I've tried your method without much success. Web servers indicate that there is no such address etc. Perhaps I am doing something wrong: eg, in your example where "bar.com" is the targeted address you have truncated the "mx3foo" at the dot separating foo.bar; If I do not find a dot I have been including all without truncation. My own experience with your "34.52.24.123" is that it supposedly accurately identifies the source - should this traditional group of four integers separated by dots be utilized?
Interestingly, most of the spam comes from my own e-mail home (i.e. .attbi.com) and my prefix (j.osborn@) is in an alphabetic addressee sequence, e.g. j.mxxx, j.nxxx, j.obrx, j.osborn, j.owex, j.pxxx etc. Isn't there some way that this wholesale sale of lists to spammers could be controlled? Perhaps in a manner analogous to that used to control unwanted telemarketing in the telephone industry. Thanks again for your kindness in this matter. Jim Osborn
 

chroot

The "dot-notation" is an IP address - a 32-bit, unique integer assigned to every computer, router, and other such device on the internet.

A hostname, like www.physicsforums.com, is really just an alias for an IP address. Use of the hostname or the IP address is equivalent. If you type in 'www.physicsforums.com,' the first thing your browser does is a DNS (domain name service) lookup on the hostname, resolves it to an IP address, and then opens a connection to the machine with that IP address.

The names are just aliases made available via DNS for those of us humans with a penchant for forgetting 32-bit hex integers. ;)

- Warren
 

chroot

Also, I should mention that often the very act of opening a spam email tells the spammer that you're alive. In today's world, many spammers send HTML spam, and most email programs display HTML. The spammer simply includes your email address in the URL of some element of the HTML when he encodes your message. Just by LOOKING at his HTML, you've contacted his servers and told him you liked it.

We really are rather defenseless against spam -- and that's the honest truth. The likelihood that you'll ever be able to actually find the person or company responsible for your spam is remote. SMTP is just extremely easy to screw around with.

Use a spam filter or a killfile. Most of your spam probably have some common headers that would make them easy kills.

It also looks like we're on track to have the government finally make it all illegal, thank god.

- Warren
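
A check for the HTML tracking described in the post above, as an added example that is not part of the original thread: it lists every remote resource a mail client would fetch just by rendering the message and flags those whose URL carries the recipient's address. The sample HTML, the `example.net` hosts and the names `BeaconFinder` and `find_beacons` are constructed; it only catches a plain or percent-encoded address, so a non-empty first list is already a reason to keep remote content blocked.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# (tag, attribute) pairs that are fetched automatically when the HTML is shown.
# Ordinary <a href> links are left out: they are only fetched when clicked.
FETCH_ATTRS = {
    ("img", "src"), ("iframe", "src"), ("script", "src"), ("link", "href"),
    ("body", "background"), ("table", "background"), ("td", "background"),
}

# Constructed sample of an HTML spam body (not a real message).
SAMPLE_HTML = """
<html><body background="http://img.example.net/bg.gif">
<p>Great offer</p>
<img src="http://track.example.net/open.gif?u=myemail%40myaddress.edu" width="1" height="1">
<img src="cid:logo123">
<a href="http://shop.example.net/?u=myemail@myaddress.edu">click</a>
</body></html>
"""

class BeaconFinder(HTMLParser):
    def __init__(self, recipient):
        super().__init__()
        self.recipient = recipient.lower()
        self.remote = []   # every URL fetched on render
        self.tagged = []   # subset whose URL contains the recipient address

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in FETCH_ATTRS or not value:
                continue
            if urlsplit(value).scheme not in ("http", "https"):
                continue   # cid: and data: parts travel inside the mail itself
            self.remote.append(value)
            if self.recipient in unquote(value).lower():
                self.tagged.append(value)

def find_beacons(html, recipient):
    """Return (remote_urls, urls_carrying_recipient) for one HTML body."""
    finder = BeaconFinder(recipient)
    finder.feed(html)
    finder.close()
    return finder.remote, finder.tagged
```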
 
