[MarkHastings]

I use McAfee's Spam Blocker and have it set to the highest amount of blocking (i.e. only email addresses that I allow), but I just got a Spam email where they used MY email address as the "to" - This is SO INFURIATING!

As far as the other 'phoney' email addresses they use, it doesn't bother me too much, but this feels so much like an invasion of my privacy. I can not tell you how much I want the person (who sent this) to suffer horribly!!!

Should I just suck it up or what can I do about it? I am thinking of forwarding it to my service provider, but I doubt anything will come of it.

I can just see it now, I'm going to start getting 1,000 of emails each day from MY address!

[John Watson]

The industry has got to take some responsibility for this crap.

They have given us a really lousy email protocol. Between 'friendly' versions of addresses that so many people create, and the computer generation of spoofed sending and receiving addresses, we are being taken for fools. I don't know who is sending, or how something that doesn't bear any of my addresses, gets in my box.

If Gates was the least bit serious, the spoofing could be made impossible, and any spam could be traced, and the originators punished for their maliciousness.

I think legislation of the "do not contact again unless authorized within three attempts" is warranted. I think I even support a tax of 1 cent per email message sent. The scum who send millions of messages would think twice about pushing the send button.

I hope a day will come when the ISPs themselves take some responsibilty, and I just forward any spam that gets through to them, and know that they will deny service to the originators.

[MarkHastings]

Quote:

The industry has got to take some responsibility for this crap.

DEFINITELY! I mean, my phone has the capability to block 'unavilable' caller ID calls, so why can't they do something like this with email?

Is it that difficult to block an email that uses a phoney address???

[Paul Padilla]

The difficulty here is that many users at large take no responsibility for their own systems. What I mean by this is things like downloading, or allowing (or turning a blind eye to) their family to download screensaver, games, add-ins, neato tools to make their cursors do fun things...handing out their E-mail address to any and every web page that asks them to do so...setting up questionable file sharing programs to get the latest 50cent track on the cheap...and all the while many of these add spyware, adware, malware that compromise their security. They harvest E-mail addresses...personal information...passwords, etc. For every care that concerned computer users take, they have at least one acquaintence with their E-mail address who's teenage daughter just installed that free download which also installed spyware without her knowledge.

This information makes it into the hands of people who practice "war driving"...driving through neighborhoods using a high gain antenna and a wireless laptop looking for people who have purchased wireless networking equipment and ignored all of the warnings and instructions in the literature about setting it up securely. Their SSID wireless network name is being broadcast for everyone to detect...they don't use any of the MAC address filtering much less encryption or authentication recommended and laid out in the manual. So "Joe Schmo's family wireless network" is wide open for spammers to tap in...blast out a few thousand E-mails, and then move on to the next target. All of that spam appears to have come from the address of that homeowner and there's no way to prove otherwise.

Why not enable all of these types of security from the factory? It's infinitely more practical for users to begin with something that is wide open and lock it down from there, than to start with something that's locked down and learn what and how to open it up to allow the right communication to make it through. Joe Schmo and his family just want it to work, damn it!

By and large, consumers have always wanted one thing with computers. Ease of use. Now that spyware and spam are part of everyday vernacular, consumers also want complete security. These two things are in direct competition with each other. The more you lock things down the less compatible, or at least user friendly, they are. Most people who take an interest in their computer security are happy to sacrifice a little ease of use to keep out the crud, but there are thousands more people who could care less.

[MarkHastings]

Quote:

All of that spam appears to have come from the address of that homeowner and there's no way to prove otherwise.

...never thought of that.

But at least with "phoney" email addresses, they should have some kind of way to authenticate wether the email address is coming from the appropriate server/provider.

[Paul Padilla]

There are some specs being developed to do the kind of authentication you're talking about. One of the tough parts is the sheer volume of traffic it will create. For every E-mail that transmits from Server A to Server B...Server B has to go back to Server A and essentially say, "Hey...is "joe_Schmo@serverA.com" a legitimate E-mail address?" Then server A has to reply, etc. Now think of that kind of crosstalk for the thousands and thousands of E-mail servers and millions of E-mail addresses. I don't really know where the technology stands on that, but I do know it's a huge task.

Businesses have it even tougher because there's a careful balance of productivity (I'm the sales VP damn it, I don't have time to go through all this spam every morning) vs.
that one message tagged as spam because the idiot who E-mailed his HUGE order decided to include his favorite Nantucket lymerick.

All of that spam appears to have come from the address of that homeowner

Just to clarify...the IP address of the homeowner...not the E-mail address.

[DaveF]

Quote:

but I just got a Spam email where they used MY email address as the "to" - This is SO INFURIATING!

Accept it, or stop using email. From my basic research, this is unavoidable.

I have my own domain, a website of no consequence, and it receives 2000+ junk emails a day. These are random attempts to get through, sent to whomever@mydomain.com. Dumping all non-existent user names, I still get 80+ spam a day, including the most annoying, which spoof being sent from my primary account.

For me, MailWasher is the best solution so far, as it filters at the server, not on my client, avoiding long and pointless downloads.

As for SPAM solutions, I've not heard of any that would really work.

For the following, preface it with a since I wish the solution were so easy.

Quote:

I think legislation of the "do not contact again unless authorized within three attempts" is warranted.

Which will undoubtedly tax legitimate businesses and non-profits while not affecting spammers who already hide their identify and dodge existing laws against this.

Quote:

I think I even support a tax of 1 cent per email message sent.

Burdens legitimate businesses, raising prices. I already pay for my emails via ISP and web-hosting costs. I don't want additional fees. And how do you tax emails from friends, colleagues, and businesses overseas? And spammers will flaunt the system, vomiting out junk while hiding from such a law as they do existing laws.

Quote:

There are some specs being developed to do the kind of authentication you're talking about.

And what prevents spammers from creating new software to respond in the affirmative from the zombies creating the software? It will change the nature of spam. But will it reduce it?

My solution, which has gaping flaws, is to prosecute not the spammers, but the businesses being advertised by the spammers. Ultimately, spam points to an address, online or offline, selling something. Target those who profit from the spam, not the spammers themselves. Kill the demand, kill the supply. (I'll leave to the reader to find the killer flaw.)

Find the solution and you'll make a fortune (or at least be loved my the masses).

[John Watson]

Dave, I am no computer guru, but I am simply boggled to think that there is no way that the presently feasible easy-to-create phoney origin addresses cannot be eliminated from the software running e-mail. Or that the e-mails that bug us cannot be traced back to a specific source.

I want that (rebuilding of the e-mail software) to happen before I have to pay for spam washers. And I think the software industry, and the ISPs should pay for it, too.

The cost to serious legitimate businesses of a 1 cent tax is trivial - assuming they do not send millions of messages to people who don't want them?

Your idea of punishing the businesses (however possible) who pay the spammers makes sense to me.

[Tekara]

The main problem is that there are many places that don't protect their smtp servers (outgoing mail servers), with an unprotected smtp server, anyone can send their garbage email through it.

So if you set up a simple home email server and don't lock it down, spammer can send all of his email through your server, without your consent or knowledge. When the authorities track down the origin, guess where it came from? that's right. . . you!

[MarkHastings]

The problem with punishing the businesses (who are mentioned in an email), is that I can send 1,000,000 spam emails out and put a link to any business I want, and they'll get in trouble for it.

[Paul Padilla]

And what prevents spammers from creating new software to respond

...phoney origin addresses cannot be eliminated ...

Every system for every purpose can be circumvented. That doesn't mean a solution shouldn't be pursued. The system in this case would verify the MX (mail exchange) record of the domain in question using it's own trusted DNS server...I.e. what is the address of the legitimate E-mail server for JoeSchmo.com. The confirmation request would be sent to the IP address of the officially registered mail server for that domain. Sounds simple, but it's really not in practice. And there are security issues even with this. JoeSchmo.com's E-mail server risks exposing it's user database by such an exchange. Imagine if all JoeSchmo's legitimate users' E-mail addresses got out.

cannot be traced back to a specific source.

Please read my post above. I have a neighbor at this very moment who is running an unsecured wireless network. Messages can be traced back to the computer (or Internet connection) they were sent from, but not necessarily who sent them...that's the way it is. ISPs do have a responsibility to watch out for these things, but it's expensive. Consumers end up paying in the end.

1 cent tax is trivial...messages to people who don't want them?

Messages to people who don't want them isn't the point as that would constitute a fine rather than a tax and you can't fine people you can't find. But you don't realize the volume of E-mail businesses use. My company only has about 35 users and we send on the average 6 to 700 messages a day. So? (you say) $7 a day to conduct business...that's nothing. That's over $2000 a year. There are many companies who literally have thousands of employees...all using E-mail so do the math. And how do you enforce overseas communication?

I want that (rebuilding of the e-mail software) to happen...

That's akin to saying, "Do away with the US postal service and come up with something entirely new because I'm getting junk mail." The task is that large. And regardless of who pays for it up front, consumers, again, will pay in the end.

[MarkHastings]

Quote:

Accept it, or stop using email. From my basic research, this is unavoidable.

But I don't think we should have to accept it. As far as regular spam, I agree that we need to accept it since it's a free country and you shouldn't be arrested for advertising, but this is very close to "identity theft", which should hold some sort of legal action against the person who sent it???