Klarinet Archive - Posting 000427.txt from 2002/10
From: Nick Simicich <njs@-----.com>
Subj: Re: [kl] I miss this place
Date: Tue, 15 Oct 2002 15:57:35 -0400
--=======2EC57A9A=======
At 12:18 PM 2002-10-15 -0400, Mark Charette wrote:
>Now that the Klarinet archives & the "latest Postings" have all the '='s
>changed to '@-----. A couple of firms
>harvested all the addresses off of the archives.
Too bad. Consider getting an address from http://www.spamgourmet.com for
this list. It stops people from sending you personal e-mail offlist,
though. I have been using the same address since before spam, I deal with
it by filtering and reporting using spamcop --- some of my filtering is
pretty extreme, like I do not accept any mail with a yahoo ID. But the
best way to deal with this is just to close your archives - put them on a
web page that requires a well known password, or behind a form that
requires that a subscriber address be typed in for access. Supposedly, all
of the simple transmutations are well known to the harvesting software -
stuff like @-----.com"
or foo@-----.com or any of the variations that require that you remove
capitals. Many of the harvesters automatically try all the variations - I
watch the bounces on my system, and any variation of an address on my web
pages is probed.
>Many of the spam messages have 1) a "remove me from your list" address and
People who have experimented (clicked on all the removes from one address,
nothing of that sort from the other) note that the addresses which they
click on the removes from get way more spam. At least that was what was
reported recently on spam-l.
>2) Itty bitty images that signal you opened your email if your reader
>understands HTML.
No, only if it uses a renderer that can't be set not to load up off system
images. Eudora can be set that way when using its internal renderer (which
has to be more secure than Microsoft's renderer) and for OE, make sure that
security is set to "restricted sites zone" then open up IE, and go to
tools->security. Click on restricted sites, and click custom level, then
turn everything that is not already set to disable or prompt to disable or
prompt. I believe that data sources across domains and mixed content
control this.
>1) sometimes works - but the more "nasty" of the
>spammers record your email as a valid email address and then sell it for
>even more money. 2) is really insidious - if you open the email, you're
>caught. It works well, and there's really little you can do about it other
>than turning all HTML off in your mail reader - and personally, I can't do
>that on my incoming email for business reasons ;^(
The above, so far as I know, should keep "<img ...>" tags from appearing
for images that are not in the zone.
While you are at it, consider getting a copy of adaware (free) and checking
your system for shareware and cookies that are used to track you. While in
IE, click on security, and turn off cross-site cookies. This should stop
someone other than the page owner from putting a cookie on your computer,
say, for tracking your surfing on the web. Cookies that are already there
can be accessed, which is why you need to clean them off with adaware.
One thing that is interesting, is that someone just released an interesting
exploit on Bugtraq which allows any page that uses IE's active scripting to
read any file on your computer, run programs there, steal your cookies and
so forth. If you have IE 5.5 or 6, (unless you have installed SP1 on 6,
which is supposedly immune) you should turn off active scripting (or set it
to prompt) at all security levels. If your program does not report
"Version 6, Update Versions SP1" in help->about, you should download the
fixes and updates from Microsoft, and if you can't, turn off active scripting.
--
"Forgive him, for he believes that the customs of his tribe are the laws of
nature!"
-- George Bernard Shaw (1856-1950)
Nick Simicich - njs@-----.com
--=======2EC57A9A=======
---------------------------------------------------------------------
--=======2EC57A9A=======--
