I the lonely girl

This is, without a doubt, one of the best emails that I’ve ever received.  Even if it is spam.

Hello!!

I looked your structure, and you have very strongly interested me, I want to know you closer, and probably we become friends or more.

I the lonely girl, I search for the man and I think, that you very much approach me also I want, that you would write to me on mine address of e-mail: ghuugifgjuy@yahoo.com

I shall be very glad to see your letter when, I shall receive your letter, I shall answer your message and I shall send you very good and beautiful photos, I think, that it very much to like you.

I shall tell to you a lot of interesting about me, I think, that very much to like you my stories about me, and I shall speak you only the truth, I not when do not deceive people.

I do not want you to ask, that you would answer me because I have no men and I very strongly miss on man’s caress and I search worthy for the man for me and it seems to me, that you worthy for me, and I want you to know closer.

I shall look forward to hearing from you, and you should not forget, that I every day shall look forward to hearing from you.

Yours and for ever Irina.

Dealing with spam

Junk E-mail folder

There’s a really interesting article in this month’s PC Plus magazine about the war against spam which gave me the impetus to try to do something about those annoying spam messages that appear in my inbox with my email address in the ‘from’ field, like this:

123greetings.com [gareth@garethjmsaunders.co.uk]

Anti-spam software

I use Cloudmark Desktop, a spam blocking add-in for Microsoft Outlook 2007. It’s unobtrusive and pretty reliable, eliminating about 99% of all spam that gets delivered to my inbox. (In the last 4 days I’ve received 166 junk mail messages.)

But it is that last 1% of messages that has been really annoying me these last few weeks: the ones that have been sent out to look as though they have come from my email account.

So I did a bit of investigating and have discovered a way that I can also send those messages to the Junk E-mail folder while retaining those emails that have genuinely been sent by myself (test emails or those that I’ve CC-ed or BCC-ed to myself for archiving purposes).

Outlook rules

Like most email clients Outlook allows you to define rules (sometimes known as filters).

Rules help you manage your e-mail messages by performing actions on messages that match a specific set of conditions. After you create a rule, Microsoft Outlook applies the rule when a message arrives in your Inbox or when you send a message.

1. Rules and Alerts…

In Outlook 2007 you can access the rules wizard by going to Tools > Rules and Alerts…

Outlook rules

Not surprisingly, this brings up the Rules and Alerts window:

Rules and Alerts

2. Email headers

And now for the science bit… It occurred to me that I needed to create a rule that did two things:

  1. Flag any emails that have my email address in the sender’s address.
  2. Check to see if I really did send those or not.

So within any message supposedly sent from myself I needed to look for some kind of unique value that could prove to Outlook that I really did send those emails. For that information I turned to the email headers.

In Outlook 2007 these are located on the Options panel, by clicking the tiny arrow at the bottom right of the panel:

Viewing Internet headers in Outlook 2007

As well as the information that you can immediately read within an email there is a lot of hidden data, known as ‘headers’, also transferred with each email: information such as where the email message was sent from and its return path (where the email should be sent if the recipient presses “Reply”).

Here’s an example from a random item of spam I received yesterday:


X-POP3-From: surveyingxq@rossiter.com
Return-path: <surveyingxq@rossiter.com>
Envelope-to: gareth@garethjmsaunders.co.uk
Delivery-date: Mon, 12 Oct 2009 13:17:47 +0100
Received: from laubervilliers-000-11-22-33.w444-555.abo.wanadoo.fr ([123.145.156.178]:25793 helo=SpeedTouch.LAN)
    by server.mymailhost.co.uk with esmtp (Exim 4.54)
    id 1MxJqT-0000Xc-4O
    for gareth@garethjmsaunders.co.uk; Mon, 12 Oct 2009 13:17:46 +0100
Received: from 123.145.156.178 by mail.rossiter.com; Mon, 12 Oct 2009 14:17:43 +0100
Message-ID: <000d01ca4b36$00064ad0$6400a8c0@surveyingxq>
From: "123greetings.com" <gareth@garethjmsaunders.co.uk>
To: <gareth@garethjmsaunders.co.uk>
Subject: You've received a postcard
Date: Mon, 12 Oct 2009 14:17:43 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0006_01CA4B36.00064AD0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

I can immediately identify a number of values here that prove to me that I didn’t send this email:

  1. The return-path is wrong. It’s not set to my email address. (With some testing, however, I discovered that this isn’t a reliable field to check against as some spammers also populate this with the email address they send the email to, i.e. yours!)
  2. The HELO value is also wrong (“HELO” is the SMTP command that the sending machine uses to identify itself to the receiving machine). It should be set to the network name of my PC, which for argument’s sake we’ll call ‘GARETH-PC’.
  3. The X-Mailer value is also wrong. I don’t use Microsoft Outlook Express.
  4. I also noticed that this email didn’t have an Organization set in the headers. Now I know that I have set the organization information in my email account, so that’s another value I can check for.

So against any of these four items I can check any message that has been supposedly sent to me and determine whether I really have sent it or not.

3. My rules

So I have built up my rule piece by piece to read:

Apply this rule after the message arrives
with gareth@garethjmsaunders.co.uk in the sender’s address
move it to the Junk E-mail folder
except if the message header contains ‘helo=GARETH-PC’ or ‘my_alternative_isp.com’ or ‘Organization: My organization name’

And that’s it. Remarkably, it seems to work quite effectively. In the last few days that I’ve been using it I’ve had only 1 spam message left in my inbox. Everything else has been suitably and efficiently whisked away to the Junk E-mail folder. Long may that continue.
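The rule above expressed as code, as an added example (not part of the original post, and not how Outlook implements rules): it parses the raw headers with Python's standard email module and applies the same condition and exceptions. Both sample messages are constructed, the first condensed from the spam headers shown earlier; the case-insensitive matching, the joining of folded header lines and the 192.0.2.10 address are choices of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

MY_ADDRESS = "gareth@garethjmsaunders.co.uk"
# Exception strings as written in the rule above (the author's placeholders).
EXCEPTIONS = ("helo=GARETH-PC", "my_alternative_isp.com",
              "Organization: My organization name")

# Constructed sample, condensed from the spam headers shown in the post.
SPAM = """\
Received: from laubervilliers-000-11-22-33.w444-555.abo.wanadoo.fr ([123.145.156.178]:25793 helo=SpeedTouch.LAN)
\tby server.mymailhost.co.uk with esmtp (Exim 4.54)
From: "123greetings.com" <gareth@garethjmsaunders.co.uk>
To: <gareth@garethjmsaunders.co.uk>
Subject: You've received a postcard
X-Mailer: Microsoft Outlook Express 6.00.2900.2180

body
"""

# Constructed sample of a message genuinely sent to myself.
GENUINE = """\
Received: from [192.0.2.10] (helo=GARETH-PC)
\tby server.mymailhost.co.uk with esmtp (Exim 4.54)
From: Gareth <gareth@garethjmsaunders.co.uk>
Organization: My organization name

body
"""

def header_block(raw):
    """Return only the header section, with folded continuation lines joined."""
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]
    return re.sub(r"\r?\n[ \t]+", " ", head)

def classify(raw, my_address=MY_ADDRESS, exceptions=EXCEPTIONS):
    """My address as sender means junk, unless an exception marker is present."""
    sender = parseaddr(message_from_string(raw).get("From", ""))[1]
    if sender.casefold() != my_address.casefold():
        return "inbox", "sender is not my address; rule does not apply"
    headers = header_block(raw).casefold()
    for marker in exceptions:
        if marker.casefold() in headers:
            return "inbox", "exception matched: " + marker
    return "junk", "my address as sender but no exception marker found"

if __name__ == "__main__":
    print(classify(SPAM), classify(GENUINE))
```

The markers are all values supplied by the sending side, so the rule is a heuristic filter rather than proof of origin; sender authentication such as SPF, DKIM and DMARC is the mechanism designed for that.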

Phishing spam

Got some more phishing spam this week at work.  This time it was supposedly from ACCOUNT CENTER and had the subject UPGRAD YOUR ACCOUNT.

Nice use of British English there.

Here’s what it said:

Dear Email Account Owner,

Wow! A personalised email, then!

This message is from educational messaging center to all our email account owners. We are currently upgrading our data base and e-mail account center.

We are deleting all our  email accounts to create more space for new accounts.

Wait, wait, wait!

First of all, I love the name of the administrational unit: “educational messaging center”, and with American spelling of centre too … and not a capital letter in sight.

Their reasoning for asking you to send them your username and password (which is the next bit) is terrific: “we are deleting all our email accounts to create more space for new accounts.”

That doesn’t even make business sense!  It’s like a bank saying: “we are clearing out all the money in the bank in order to create more space for new money.”

It finishes off by saying:

Thank you for using st-andrews.ac.ukk!
Warning Code: VX2G99AAJ

I looked up that warning code, it stands for: “This e-mail was sent by phishing, scamming scum”.  Good to know.

NOTE: This message is authorize by the st-andrews.ac.uk email account protector unit.Notification message will be send back to you after verifying your account before account could be reset. All right reserve.

Wow! I wish we had an “email account protector unit”, that sounds like a cool place to work. I imagine that they dress up in armour and have a big round table with a hole cut out of the centre in which they place the e-mail server.

Do not reply

SERIOUSLY, if you ever get an e-mail anything like this: DO NOT REPLY.

Instead, if you have any doubt about its authenticity then just forward the e-mail to me, along with your username and password, date of birth, address and …

Only joking, I don’t want to see your spam, I get enough of it myself!

Bank account locked

Egg Internet Banking - Your Online Banking Account Is Locked

It would appear from these 13 emails that I received this afternoon — in the seven minutes between 14:02 and 14:09 — that access has been locked to my Egg Internet Banking account.

That might otherwise concern me, were it not for the fact that I don’t actually bank with Egg Internet Banking.  I have a shoebox stuffed with cash stored securely in the safe of another UK bank.

Don’tcha just love spam!

Remember folks, if you get an email purporting to be from your bank: treat it with the utmost suspicion.  I don’t ever remember my bank ever emailing me.  If in doubt: phone the bank, or visit your local branch, never reply to those emails.

Apart from that one time when I had to arrange for US $23,000,000 to be paid into it for a couple of weeks while I was helping out some displaced African prince who’d kindly got in touch with me via email.

Junk E-mail

Unbelievable!  Since Sunday I’ve been sent 499 spam (unsolicited/junk) e-mails to my home accounts!

I was reading recently that currently something like 90+% of all email is spam, and that it comes from only a handful of sources.

In many ways I’d much rather our governments waged a ‘war’ on spammers than on the anonymous face of international terrorism.