Need Software? [OT mini-rant about people replying to spam. Sorry.]

neil woolford lists at neilwoolford.plus.com
Sat Nov 12 15:26:26 UTC 2005


On Sat, 2005-11-12 at 05:10 -0500, 'Forum Post wrote:
> 1) why the hell would you want to post windows software on a linux site
> 
> 2) I doubt that instant download=legal copy
> 
> 3)if I wanted any of that I could pirate it free-I had xp pro and
> dumped it for linux
> 
I applaud the sentiments, but:  the 'from' address in this spam will
have been *forged*, so if you reply to the apparent sender of the
message, you are actually filling *their* inbox (as well as the
Ubuntu-users list) with unwanted and pointless messages.

If you want to do something about it, look in the headers of the
message, such as the ones below from a similar email to the one you are
responding to.

Return-Path: <shane at wauf.com>
Received: from localhost ([220.231.64.59]) by raq7.lcn.biz
(8.11.6/8.11.6) with SMTP id j9Q4XxC26457 for <neil at neilwoolford.co.uk>;
Wed, 26 Oct 2005 05:34:00 +0100
Message-ID: <000001c5d9e5$827e9880$0100007f at localhost>
From: Camron Morris <shane at wauf.com>
To: neil at neilwoolford.co.uk
Subject: Three Steps to the Software You Need at the Prices You Want
Date: Wed, 26 Oct 2005 18:25:55 +0200  (17:25 BST)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0001_01C5D9E5.827E9880"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-UIDL: \78!!1GF"!deD"!<&M"!
X-Evolution-Source: pop://neil@www.neilwoolford.co.uk/

Note first that the 'From' name and email address don't tally with each
other.  They are random mix and match from stolen address book
entries...  No point responding to either of them!

Note that there isn't an X-Originating-IP or X-Originating-Email;
another sign of likely forged headers.

The chain by which it reached me is suspiciously short;

Received: from localhost ([220.231.64.59]) by raq7.lcn.biz
(8.11.6/8.11.6) with SMTP id j9Q4XxC26457 for <neil at neilwoolford.co.uk>;
Wed, 26 Oct 2005 05:34:00 +0100

If I look up who [220.231.64.5] are, I find first that it is the
responsiblily of apnic - Asia and Pacific Network Information Centre -
this doesn't surprise me, as most of this style of spam appears to come
from the far east.  When I do a whois with apnic, I find a provider
based in Hanoi.

So at this point I'm going to give up, as I assume (perhaps unfairly)
that a complaint to abuse at viettel.com.vn would be unlikely to result in
any action.  But it might be better use of bandwidth than replying to
the poor suckers who've had their names and email addresses hijacked by
spammers.  Basically it's your call as to whether it is worth reporting
abuse, some ISPs take it seriously, others don't.

Neil

PS  I must be feeling grouchy today.  Could anyone add something more
constructive in the form of links to tutorials or information to help
people (me included!) to a greater understanding of what is actually
going on when spam is sent?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20051112/39a2d4b4/attachment.pgp>


More information about the ubuntu-users mailing list