
Spam emails


#278424

Postby Clitheroekid » January 18th, 2020, 8:15 pm

I have a fairly effective spam filter, but I continue to receive very short emails from people who are on my email contact list. A typical one (I've changed it slightly in case anyone is tempted to click on it) reads:

[my first name] http://bit.ly/2Rh5u6 Nicki

`Nicki' being the sender.

The large majority seem to be from people on my email contact list, but occasionally they're from unknown email addresses.

I'm not unduly bothered about them, as I just delete them without clicking on the link, but I'm curious to know whether they are actually arriving from a contact's address or whether that address is being forged - or `spoofed' as I think it's known.

If they are arriving from a contact's address I assume their equipment has been hacked, so should I tell them, and what should they do about it?

I'd also like to know where I'd end up if I were to click on the link.

TIA for any responses.


#278427

Postby supremetwo » January 18th, 2020, 8:41 pm

Definitely being spoofed as if from you.

And many of the addresses derive from the Yahoo data breach (in 2014), whose mail services were provided via BT to many UK customers.
@btinternet.com @btopenworld.com and @talk21.com

https://www.theguardian.com/technology/ ... s-breached

1bn accounts compromised by biggest data breach in history

Yahoo said the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers


So anyone you emailed then who had a BT account would be affected.

Also the spoofing activity has just resurfaced as I have been receiving similar in the last day or so to an email address that was active in 2015 and not used since.


#278429

Postby supremetwo » January 18th, 2020, 8:59 pm

Clitheroekid wrote:I'd also like to know where I'd end up if I were to click on the link.

TIA for any responses.

Mine was to a .ru web site advertising 'Student Reveals How He Earns More Than £35,000 Every Month Working From Home' from Bitcoin trading.


#278433

Postby mc2fool » January 18th, 2020, 9:13 pm

Clitheroekid wrote:I'm curious to know whether they are actually arriving from a contact's address or whether that address is being forged - or `spoofed' as I think it's known.

No way to tell offhand from your description, however you can tell fairly easily, with a little practice to get your eye in on what to look for, by examining the headers of the email. Google for how to examine headers with your email programme then go look at a bunch; you should soon get the idea...


#278435

Postby Infrasonic » January 18th, 2020, 9:21 pm



#278468

Postby mutantpoodle » January 19th, 2020, 9:36 am

I am totally out of my comfort zone here...BUT

I was somewhere advised to always 'hover the mouse icon' over the sender's name in any emails
this reveals the actual sender's email address
if it's some obscure address made up of odd letters/numbers etc. then it's obviously a fake
if it's something you recognise then you are a little closer to being safe


#278499

Postby UncleEbenezer » January 19th, 2020, 12:31 pm

mutantpoodle wrote:I am totally out of my comfort zone here...BUT

I was somewhere advised to always 'hover the mouse icon' over the sender's name in any emails
this reveals the actual sender's email address

It may do, but in general it doesn't. Mail headers are trivial to forge, and spammers commonly do (as generations of students and pranksters did before we had spam).

What you can check that way is a URL in the message. But even that is dangerous: a URL could contain a disguised address, and that's no longer limited to ASCII disguise (like I for l in "IIoyds", "barcIays" or "hI"), it could contain characters from Greek, Cyrillic, etc. that look deceptively familiar.
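An added illustration of the two disguises described above (not part of the original post): a small Python check that shows a link's hostname in lower case and in its ASCII (punycode) form, and flags labels that mix scripts. The sample URLs are constructed and use the reserved `.example` domain.

```python
import unicodedata
from urllib.parse import urlsplit

def scripts_in(label):
    """Coarse script of each letter, taken from the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def inspect_url(url):
    parts = urlsplit(url)
    host = parts.hostname or ""          # urlsplit lower-cases the hostname
    report = {"host": host, "ascii_form": host, "flags": []}
    if any(ch.isupper() for ch in parts.netloc):
        # Capital I and small l look alike; the lower-cased host shows which it is.
        report["flags"].append("upper-case letters in host as typed")
    try:
        # Punycode form: a non-ASCII label becomes an obvious "xn--..." string.
        report["ascii_form"] = host.encode("idna").decode("ascii")
    except UnicodeError:
        report["flags"].append("host cannot be encoded as IDNA")
    for label in host.split("."):
        scripts = scripts_in(label)
        if len(scripts) > 1:
            report["flags"].append(f"mixed-script label {label!r}: {sorted(scripts)}")
        elif scripts - {"LATIN"}:
            report["flags"].append(f"non-Latin label {label!r}: {sorted(scripts)}")
    return report

if __name__ == "__main__":
    # Constructed samples: capital I for l, Cyrillic U+0430 for "a", and a plain host.
    for sample in ("http://IIoyds.example/login",
                   "http://b\u0430rclays.example/",
                   "http://lloyds.example/"):
        print(inspect_url(sample))
```

A label written entirely in one non-Latin script is only flagged as non-Latin here; deciding whether it imitates a particular Latin name needs a confusables table, which this sketch does not include.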


#278503

Postby mc2fool » January 19th, 2020, 12:41 pm

UncleEbenezer wrote:Mail headers are trivial to forge

Some fields in mail headers are trivial to forge -- like the "From" field -- but others are not, which is why examination of the headers, with a practiced eye, will help determine if an address is being spoofed or not.


#278544

Postby UncleEbenezer » January 19th, 2020, 2:56 pm

mc2fool wrote:
UncleEbenezer wrote:Mail headers are trivial to forge

Some fields in mail headers are trivial to forge -- like the "From" field -- but others are not, which is why examination of the headers, with a practiced eye, will help determine if an address is being spoofed or not.

Sure, but this isn't really the time and place.
The only old-style header that absolutely can't be forged is "Received". But that's only true from the point where the email reaches the recipient's network (or fully trusted peer). So you can be sure of a message's final hop or hops, but something before those could be forged to lay a false trail.
As for new-style verification frameworks, those can tell you something, but fall down in cases of hosted services such as gmail where "yes, we verify this as from a gmail sender" could be anyone, including companies who host email there under a non-gmail address.
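The header reading discussed in the posts above, as an added Python example that is not part of the original thread: it separates the `Received` hops stamped by the recipient's own mail servers from the unverifiable ones beneath them, and only believes SPF/DKIM results that those same servers recorded. The message, host names and the `TRUSTED_MTAS` set are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. Only the top Received and Authentication-Results lines were
# written by the recipient's own server; everything below them is sender-supplied.
RAW = """\
Received: from mail.sender.example (mail.sender.example [203.0.113.7])
\tby mx1.myisp.example with ESMTP id A1; Sat, 18 Jan 2020 20:10:02 +0000
Authentication-Results: mx1.myisp.example; spf=pass smtp.mailfrom=bulk.example;
\tdkim=pass header.d=bulk.example
Received: from nicki-laptop (host.contact-isp.example [198.51.100.9])
\tby mail.sender.example with SMTP id B2; Sat, 18 Jan 2020 20:10:00 +0000
From: Nicki <nicki@contact-isp.example>
Subject: hi

http://short.example/abc
"""
TRUSTED_MTAS = {"mx1.myisp.example"}  # assumption: hosts run by the recipient's provider

def split_received(msg, trusted):
    """Received lines are prepended, so index 0 is the newest hop."""
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    for i, hop in enumerate(hops):
        by = re.search(r"\bby\s+(\S+)", hop)
        if not (by and by.group(1).lower() in trusted):
            return hops[:i], hops[i:]  # first hop not stamped by us ends the trusted run
    return hops, []

def authenticated_domains(msg, trusted):
    """Domains that passed SPF/DKIM, taken only from results our own MTA stamped."""
    passed = set()
    for ar in msg.get_all("Authentication-Results", []):
        authserv, _, results = ar.partition(";")
        if authserv.strip().lower() in trusted:  # upstream copies are forgeable
            passed.update(d.lower() for d in re.findall(
                r"(?:spf|dkim)=pass\b[^;]*?(?:smtp\.mailfrom|header\.d)=(?:[^\s;@]*@)?([\w.-]+)",
                results))
    return passed

def assess(raw, trusted=TRUSTED_MTAS):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    verified, unverified = split_received(msg, trusted)
    passed = authenticated_domains(msg, trusted)
    return {"from_domain": from_domain, "verified_hops": len(verified),
            "unverified_hops": len(unverified), "authenticated": sorted(passed),
            # Exact match is a simplification; DMARC compares organisational domains.
            "from_aligned": from_domain in passed}
```

For the sample, `assess(RAW)` reports one verified hop, one unverified hop, and a `From` domain that matches none of the authenticated domains, which is the pattern to expect when a contact's address is being used by someone else's sending system.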


#278547

Postby mc2fool » January 19th, 2020, 3:10 pm

UncleEbenezer wrote:
mc2fool wrote:
UncleEbenezer wrote:Mail headers are trivial to forge

Some fields in mail headers are trivial to forge -- like the "From" field -- but others are not, which is why examination of the headers, with a practiced eye, will help determine if an address is being spoofed or not.

Sure, but this isn't really the time and place.

I disagree. I think a request asking how to know whether an address is being forged or not -- like the OP's -- is exactly the time and place to bring up what can (and can't) be learned from email headers.

Having said that I'll happily concede that I don't have the time to give a tutorial, hence my rather brief comments on it earlier ... :D


#278641

Postby UncleEbenezer » January 20th, 2020, 1:10 am

mc2fool wrote:
UncleEbenezer wrote:
mc2fool wrote:Some fields in mail headers are trivial to forge -- like the "From" field -- but others are not, which is why examination of the headers, with a practiced eye, will help determine if an address is being spoofed or not.

Sure, but this isn't really the time and place.

I disagree. I think a request asking how to know whether an address is being forged or not -- like the OP's -- is exactly the time and place to bring up what can (and can't) be learned from email headers.

Having said that I'll happily concede that I don't have the time to give a tutorial, hence my rather brief comments on it earlier ... :D


If you did have time and inclination, why would you post a tutorial here, rather than somewhere aimed at a more general audience, and where it will be seen by a techie audience who can help review it for you?

And even if you are indeed expert in all aspects of it, you'd be doing the OP no favours by posting such a thing here rather than directing him to an existing tutorial that's been written (doubtless through a few iterations) as a tutorial, and been subject to peer review.

Bottom line: if you want email with guaranteed (or even non-trivial-to-forge) integrity, learn about PGP. Get started, get your correspondents started (techies among them will already be using it but expect a non-techie's eyes to glaze over if they mention it), verify and sign each other's keys, and get yourselves into the Strong Set (which you'll understand once you've learned PGP).


#278645

Postby mc2fool » January 20th, 2020, 1:54 am

UncleEbenezer wrote:
mc2fool wrote:
UncleEbenezer wrote:Sure, but this isn't really the time and place.

I disagree. I think a request asking how to know whether an address is being forged or not -- like the OP's -- is exactly the time and place to bring up what can (and can't) be learned from email headers.

Having said that I'll happily concede that I don't have the time to give a tutorial, hence my rather brief comments on it earlier ... :D

If you did have time and inclination, why would you post a tutorial here, rather than somewhere aimed at a more general audience, and where it will be seen by a techie audience who can help review it for you?

And even if you are indeed expert in all aspects of it, you'd be doing the OP no favours by posting such a thing here rather than directing him to an existing tutorial that's been written (doubtless through a few iterations) as a tutorial, and been subject to peer review.

Bottom line: if you want email with guaranteed (or even non-trivial-to-forge) integrity, learn about PGP. Get started, get your correspondents started (techies among them will already be using it but expect a non-techie's eyes to glaze over if they mention it), verify and sign each other's keys, and get yourselves into the Strong Set (which you'll understand once you've learned PGP).

Oh good grief, Clitheroekid didn't ask for "email with guaranteed integrity", he asked how he could know if the emails he was getting were from spoofed addresses or not, and the reason, if I had the time to do so, I'd post a brief explanation here is to try and help out Clitheroekid to answer his question!

I am sure you, of course, must know of existing tutorials of the type you mention that you will now be happy to direct him to in order to try and help him out, instead of continuing this rather non-fruitful distraction ...


#278660

Postby UncleEbenezer » January 20th, 2020, 7:32 am

mc2fool wrote:Oh good grief, Clitheroekid didn't ask for "email with guaranteed integrity", he asked how he could know if the emails he was getting were from spoofed addresses or not, and the reason, if I had the time to do so, I'd post a brief explanation here is to try and help out Clitheroekid to answer his question!

OK, I plead guilty to getting sidetracked here.

Please revert to my reply posted January 19th, 2020, 12:31 pm, which addresses the question simply and directly. Everything since that has been because potentially-very-misleading claims were being posted.

mc2fool wrote:I am sure you, of course, must know of existing tutorials of the type you mention that you will now be happy to direct him to in order to try and help him out, instead of continuing this rather non-fruitful distraction ...


Not without quite a lot of work, first googling, then reviewing what I find to be sure I don't end up recommending something that's downright wrong. I couldn't even point you to the tutorials I've contributed to myself over the years (on topics such as guaranteed integrity) without googling. And if I post a reference to my blog (the place I can expect to find somewhat-relevant things without undue effort) the moderators here delete it.

But just to post something now in response to your challenge, here's a mention on someone else's blog of why you can't rely on SPF. No, I know you didn't say SPF, but I think you hinted at it when you claimed there were some headers that are not trivial to forge.

