PDA

View Full Version : E-mail address Security



trapdoor
2002-Nov-19, 09:26 AM
Below is a transcript of an e-mail I got via registering for this web-site. How do I know it was from here? I own a domain name which allows me to deliberately use a different e-mail adress when I subscribe to things on the net.

So even if you guys do not sell the adresses, perhaps you should make them harder for a spider to find . . . .

Not Happy

James




From: Mr. George Welele
Reply to: welele2003@ecplaza.net

Dear Sir,

THE 8TH ALL AFRICAN GAMES

I am Mr. George Welele, the Chief Accountant of the Federal Ministry of Youth,Sport,and culture Parent body of the Local
Organizing Committee of the 8th all African game tagged[COJA] 2003 taking place in my country in 2003, . In the course
of our preparation to host the 8th all African games , Huge sum of money running into millions of United States Dollars was
budgeted by the present civilian administration of our president Chief Olusegun Obasanjo for the successful hosting of this
competition. In the same vein, the supreme council for sport in Africa made millions of dollars available for the same
competition.

However, in my capacity as the Chief Accountant, to both local organizing committee (LOC), and the Federal Ministry of
Youth,Sports and culture , I and some of my colleagues in sensitive positions were able to influence the award of a
contract for the supply and installation of some of the equipment that will be used for the competition.

The contractor who handled these projects agreed to give i and my colleagues 10% of the total contract sum, if we were
able to influence the award of the contract to their favour. So many foreign firms bided for this same contract, but because
we knew whom we wanted the contract to be awarded to, we made sure that the contractor we had this understanding
with won the contract. They have been paid 90% of their total contract sum remaining the balance of 10% which we never
wanted them to collect on our behalf because of the fear that they might not give us the balance of 10%. It is pertinent to
note that, the remaining balance of a total sum of seven Million united states
(US$7,000,000.00) is lying in the suspense
account at First Chartered Bank Lagos, ready for transfer into any good bank
account of your choice.

I have been unanimously mandated to seek for an honest and trustworthy foreign partner who will assist in ensuring the
successful transfer of the above sum of money into his Personal/Company account since the Nigerian Code of Conduct
Bureau does not permit us to operate a foreign account as public servants. On the successful remittance of the fund (US
$7,000,000.00) into your nominated account, for your kind assistance you will be adequately compensated.

Be rest assured that, the modalities and logistics towards the successful transfer of this fund has been worked out. All we
require from you is your cooperation. This transaction is 100% risk free. We Kindly request that you accord it the highest
level of secrecy it deserves.

Your swift response will be highly appreciated and kindly provide your phone and fax numbers for more informative
discussions. Upon your acknowledgement of this proposal, I will forward to you the detailed procedure for this transaction.

Note that, this transaction is legal and free from all sorts of risk and trouble. It does not contravene the laws of my country
nor any International laws; hence the whole approval for the transfer will be official and legally processed. This transaction
will be concluded within five (5) working days if we follow it up and give it the serious attention it deserves. Awaiting your prompt response.

Best Regards,
Mr. George Welele.

************************************************** *********
This is an Opti-Target network mailing. You were subscribed to this
free service through one of our partner sites. If you believe this
email has reached you in error or if you no longer wish to receive
these updates, please, **DO NOT** reply to this e-mail. Instead,
follow the link below to unsubscribe.

Click (or paste) this link to Unsubscribe: http://www.opti7.com/central/unsub.php?uni=prince@idsventures.com

Requests may take up to 72 hours to process. As a result, you may
receive additional e-mail during this time. Thank you for your patience.


<font size=-1>[ This Message was edited by: trapdoor on 2002-11-24 19:11 ]</font>

trapdoor
2002-Nov-19, 10:18 AM
Sorry one other thing- I have been subscribed to 2 other UBB forums for 2 and 3 years each. I use different e-mail adresses for each of those so I can divert reply messages to a separate folder.

I Have NEVER got spam from them, I have been subscribed to this forum for 3 weeks . . . .

g99
2002-Nov-19, 11:44 AM
yah i just got it too. Hmmm...I am not pissed, i just deleted it. But there might be a security risk there. Has this happened before on this board anyone? Did anyone else get it?


It was probobly some spider hacking into the site. I really doubt that the B.A. sold our e-mails. I know that astronomers don't make alot of money (heck any job that is actually good for the people: teachers and scientists, make the least amount of money)But he can't be that low on cash.
_________________
"I am not conceited, i'm perfect"
"It takes Thousands to fight a battle for a mile, Millions to hold an election for a nation, but it only takes One to change the world." by Dan Sandler 2002

<font size=-1>[ This Message was edited by: g99 on 2002-11-19 06:57 ]</font>

Argos
2002-Nov-19, 12:15 PM
I'm fully convinced of BA's honesty. He's been missing a lot of money making opportunities in this site.

Roy Batty
2002-Nov-19, 02:18 PM
On 2002-11-19 06:44, g99 wrote:
yah i just got it too. Hmmm...I am not pissed, i just deleted it. But there might be a security risk there. Has this happened before on this board anyone? Did anyone else get it?


Yeah, I got it too, plus a few others of the same ilk over the past dew days.
Always figured spam was a risk which is why i use a seperate email for BB's as well.
I figure that if u can see the email addresses then they can be poached somehow.

p.s suggest 'About The BABB' would be a better forum to post this under

_________________
N6MAA10816

<font size=-1>[ This Message was edited by: Roy Batty on 2002-11-19 09:23 ]</font>

The Bad Astronomer
2002-Nov-19, 04:28 PM
I will look into this. I do not give out the email addresses of people on this site. Possibly someone got into the database somehow and grabbed the addresses. I will look into this later today.

I am still waiting for my web host to upgrade my site so I can install the better BB software. I'll call them today about this too.

I am terribly sorry if you are being spammed because of this board. Believe me, I hate spam; I get 40 or 50 emails of it a day and it's a major pain to delete.

Jim
2002-Nov-19, 04:57 PM
I get so much spam fom so many sources, it's impossible to figure out where they got my email address. But the mention of someone (or a robot) spidering the site is probably right on.

This doesn't really bother me as I use an Internet-based email account for "public consumption." My home email address is kept private. I'd suggest this to anyone bothered by spam.

jest
2002-Nov-19, 07:42 PM
Yeah spam sucks. I do customer support at an internet-based company and I clear out 50 or so spam mails per day while sifting through the actual support questions. I use a hotmail account for most of my online dealings because I don't care what happens to it. I just set up a junkmail folder and any mail that comes from an unknown source is thrown there, and I check it every couple days to make sure it's all junk before clearing it. It's actually fairly hard to escape spam these days....

Colt
2002-Nov-19, 08:54 PM
Unfortunatly I have to use Hotmail as my main account. It would be really cool if we could have email addresses here. Colt@badastronomy.com sounds good. /phpBB/images/smiles/icon_smile.gif I wouldn't mind paying a fee for registering on it one bit. -Colt

g99
2002-Nov-19, 11:04 PM
one thing i like is my junk account that i use for signing up for free stuiff and others is my yahoo account. What they now do is anything from a known spam site you can block and if it is a mass e-mail like that they put it automatically in a seoperalt folder. Really cool. Easily allows me to seperate them.

trapdoor
2002-Nov-20, 01:04 AM
On 2002-11-19 11:57, Jim wrote:
I get so much spam fom so many sources, it's impossible to figure out where they got my email address. But the mention of someone (or a robot) spidering the site is probably right on.

And what I am saying is that I know it came from here, as I have never used this e-mail address for anything else.

I believe you if you say that youi do not sell the addresses, I was probably more pissed off than anything as I have been a subscriber to much bigger BB's for a much longer time and never had a problem.

I wonder what legal recourse you have against the people who did this?

Either way- for the moment I would suggest that people on this web-site hide their address in their profiles, as this is more than likely where the spider was able to obtain the addresses

ljbrs
2002-Nov-20, 03:41 AM
Trapdoor:

If you do not wish to receive spam and unwanted messages, do not list your website or your e-mail address anywhere. I, myself, do not list my e-mail address, so I do not get such spam.

However, I get a lot of spam at all of my e-mail sites. I have a great delete finger perpetually handy to take care of them. In addition, I have *protection* which I upgrade regularly for any idiots who have nothing better to do than to send me nonsense.

So, welcome to the Internet!

ljbrs /phpBB/images/smiles/icon_smile.gif /phpBB/images/smiles/icon_smile.gif /phpBB/images/smiles/icon_smile.gif

David Hall
2002-Nov-20, 05:41 AM
On 2002-11-19 11:57, Jim wrote:

This doesn't really bother me as I use an Internet-based email account for "public consumption." My home email address is kept private. I'd suggest this to anyone bothered by spam.


This is a good idea, but I've run across sites that do not let you use "anonymous" email addresses like Hotmail. That doesn't bother me when it's a trustworthy site that doesn't display your address anywhere on the page, but not so good when it's a message board or such that posts your contact info. That kind of thing really p's me off.

Spammers can be merciless. One day I posted some messages on a couple of boards using a new hotmail address, and within an hour I started receiving spam. After a month or so I was getting over 90 ads a day from them. Hotmail has updated their filters, but I'm still getting 30 or so.

It would help if Hotmail would allow wildcards in their block filters. Simply blocking anything with a strange country code such as .ro would get rid of about 80% of it. But for now you can only block full addresses, and the maximum number seems to be about 250. Nowhere near enough.

Sorry, just a bit of ranting against M$ again.

g99
2002-Nov-20, 06:38 AM
go for yahoo mail. Any wierd adress gets put into a bulk mail folder. So i just delete that with only a glance. Then i only have to go throught the odd 3 or 4 anying e-mails.

Just whatever you do DON'T hit unsubscribe to a e-mail that is not from a reputable company!!! It is a common trick for spammers to use that to find out if the adress they are sending the mail to is real, and then they spam the heck out of you.

Argos
2002-Nov-20, 01:11 PM
There's sundown on e-mail communications (http://www.cnn.com/2002/ALLPOLITICS/11/20/homeland.security/index.html).

We'll need not only anonymous e-mail, but also anonymous machines.

Big Brother is watching you.

(How I miss Bill Clinton times)

The Shade
2002-Nov-20, 01:32 PM
I used to get a pack load of spams every day on my hotmail account. Some months ago, I activated some word filters ( I can't name them because this is a family oriented website /phpBB/images/smiles/icon_smile.gif ). Those word filters dealt with anything having to do with pornagraphy (the main spammers) and banking (the second major spammers). Basically, the filters will scan the email subject, and if it finds any words listed on my filters, it will block that email. Using this method has cut my spams from about 30-40 a day to 10-20 a day. It's not perfect, but it helps.

SeanF
2002-Nov-20, 05:21 PM
On 2002-11-20 08:11, Argos wrote:
There's sundown on e-mail communications (http://www.cnn.com/2002/ALLPOLITICS/11/20/homeland.security/index.html).

We'll need not only anonymous e-mail, but also anonymous machines.

Big Brother is watching you.

(How I miss Bill Clinton times)


Yuh-huh. That news page has a link to the actual text of the bill. Can you point me to the specific provision(s) that constitute such a threat? I just don't see it.

(Maybe PM me on it, since it is slightly off-topic) /phpBB/images/smiles/icon_wink.gif

Russ
2002-Nov-21, 12:03 AM
Hey Trapdoor:

I've never gotten a spam I can attribute to this site. I've been a regular since 1996. I understand your grief with spam though. At one point I was getting 120 to 140 a day mostly banks, mortgage co's and telemarketers looking for stooges to make calls. I got the Norton Guard Dog kit and WHAT A DIFFERENCE! I get 10 or 20 now and they are only from the spam pro's who know how to beat the guard dog. (new subject & new address every mailing)

You can trust Phil. He's a good guy. /phpBB/images/smiles/icon_biggrin.gif

Argos
2002-Nov-21, 11:10 AM
On 2002-11-20 12:21, SeanF wrote:
Can you point me to the specific provision(s) that constitute such a threat? I just don't see it.

(Maybe PM me on it, since it is slightly off-topic) /phpBB/images/smiles/icon_wink.gif




Well I see it slightly on topic, since the topic is about e-mail. /phpBB/images/smiles/icon_smile.gif

As a matter of fact, the law package issued brings to light something called "Total Information Awaredness" (or something like that; you know it better than I do from my point of vantage).

I don't intend to discuss politics here, but spam will be a minor issue when the Falcons come in.

<font size=-1>[ This Message was edited by: Argos on 2002-11-21 06:17 ]</font>

GrapesOfWrath
2002-Nov-21, 02:32 PM
On 2002-11-19 20:04, trapdoor wrote:
Either way- for the moment I would suggest that people on this web-site hide their address in their profiles, as this is more than likely where the spider was able to obtain the addresses

And, I notice, that the other folk who said they got the spam-mail do have their email address in their profile. On the other hand, I do not, and I did not get the spam. So, that is almost definitely true. If the BA were actually selling email addresses, I'm sure mine would have been one of the first to be sold. /phpBB/images/smiles/icon_smile.gif

The board also provides private messaging for board members who want to communicate privately with each other.

I think you jumped to a conclusion, in your topic name: "So you guys sell e-mail addresses". Perhaps you should change the name?

trapdoor
2002-Nov-21, 02:45 PM
On 2002-11-21 06:10, Argos wrote:


On 2002-11-20 12:21, SeanF wrote:
Can you point me to the specific provision(s) that constitute such a threat? I just don't see it.

(Maybe PM me on it, since it is slightly off-topic) /phpBB/images/smiles/icon_wink.gif




Well I see being slightly on topic, since the topic is about e-mail. /phpBB/images/smiles/icon_smile.gif

As a matter of fact, the law package issued brings to light something called "Total Information Awaredness" (or something like that; you know it better than I do from my point of vantage).

I don't intend to discuss politics here, but spam will be a minor issue when the Falcons come in.

<font size=-1>[ This Message was edited by: Argos on 2002-11-21 06:17 ]</font>

Yes I agree it is obvious that BA does not sell e-mail adresses. but . . . it is also clear that his security is not up to scratch. Why can I b subscribed to numerous other BB's for a couple of years and have a different address in my profile and i dont get spam?????


I'm not going to change the topic title, as I believe this is an important issue and that was my first impression...

kucharek
2002-Nov-21, 03:04 PM
As soon as an email-address appears somehow on a web page, they can be colleted by some programs who traverse the web. And if you give here your email address, it's in the bottom of your posting, behind the little envelope icon. You should never give out your address if not necessary or try to obfuscate it from the search programs which search for simple patterns.

Harald

GrapesOfWrath
2002-Nov-21, 03:24 PM
On 2002-11-21 09:45, trapdoor wrote:
Yes I agree it is obvious that BA does not sell e-mail adresses. but . . . it is also clear that his security is not up to scratch.
You put your email address in your profile (it is required, I know) and there is a check box which asks whether you want it visible to other members. I unchecked it and didn't get spam, you (or, at least, others) did check it and did get spam. How is any change in security going to prevent someone from seeing the email address, when it has been set to be publicly available?


Why can I b subscribed to numerous other BB's for a couple of years and have a different address in my profile and i dont get spam?????
Perhaps no one goes there anymore? /phpBB/images/smiles/icon_smile.gif


I'm not going to change the topic title, as I believe this is an important issue and that was my first impression...

I have a first impression of my own.

trapdoor
2002-Nov-21, 11:46 PM
LOL
***.com.au
it has over 6000 registered members and is far more active than this board.

Look- I am only suggesting that something should be changed, to prevent such spiders from searching profiles. It is important that people can post their e-mail addresses.

There are ways to do this

<font size=-1>[ This Message was edited by: trapdoor on 2002-11-21 18:51 ]</font>

GrapesOfWrath
2002-Nov-21, 11:57 PM
On 2002-11-21 18:46, trapdoor wrote:
***.com.au
it has over 6000 registered members and is far more active than this board.
It seems to be down now. /phpBB/images/smiles/icon_smile.gif


Look- I am only suggesting that something should be changed, to prevent such spiders from searching profiles. It is important that people can post their e-mail addresses.
Why is it important?


There are ways to do this
Aha.

trapdoor
2002-Nov-22, 12:05 AM
1) display profile pages dynamically. Looks like this is already being done
2) pm the e-mail adress to the intended recipient, or put the results in the text box of a form- cant be spidered that way.

http://www.weatherzone.com.au/cgi-bin/ultimatebb.cgi
I have been subscribed to this forum for 3 years, and have never got spam. Now I iknow it is run by UBB, not phpBB like this one, but perhaps therin lies the difference?

As for the othersite being down- it is not /phpBB/images/smiles/icon_smile.gif I removed the link as I use the same handle both here and there

GrapesOfWrath
2002-Nov-22, 12:07 AM
So weatherzone is not the place you're talking about?

And why is it important to have an email address?

<font size=-1>[ This Message was edited by: GrapesOfWrath on 2002-11-21 19:10 ]</font>

trapdoor
2002-Nov-22, 12:14 AM
No WZ was not the one I was talikng about.
I am subscribed to WZ but under a different handle- but that BB is about the same size as this. On the bigger BB's you get a few aliases appearing. An e-mail address helps show that you are a genuine poster.

E-mail adresses also allow you to be contacted when you are not online to the BB. This is helpful from a buisness point of view for me.

The Bad Astronomer
2002-Nov-22, 01:50 AM
I ask for email addresses so that I can contact a poster and let them know when they have crossed the line. It also keeps the trolls down.

What I want is a BB that won't let you post without a randomly selected password sent to the email address. That way, it must be valid as well. I am hoping phpBB2 does that.

GrapesOfWrath
2002-Nov-22, 03:29 AM
On 2002-11-21 19:14, trapdoor wrote:
E-mail adresses also allow you to be contacted when you are not online to the BB. This is helpful from a buisness point of view for me.

That's what I thought.

trapdoor
2002-Nov-22, 04:13 AM
GoW: LOL no- I run a ski club- and occasionally people are interested in making a booking - and so can contact me via e-mail. If I was posting here from a buisness point of view, wouldn't I put my web-site in my profile? I have a genuine interest in astronomy, I just don't feel knowledgable enough to post anything here, but I read with great interest.

BA- UBB does do that by the way, and if you change your e-mail address it sends you a new randomly generated password.

GrapesOfWrath
2002-Nov-22, 01:54 PM
I still don't understand why it might be "important" to have the email addresses displayed publicly on this BABB. BA says he requires them, but they don't have to be displayed. It seems to me that there was no problem in the first place--but you still insist on leaving the title of this thread to say that the email addresses are sold. It would seem that "Email address security" would be a more apt title for the thread.

<font size=-1>[ This Message was edited by: GrapesOfWrath on 2002-11-22 08:57 ]</font>

trapdoor
2002-Nov-25, 12:12 AM
/phpBB/images/smiles/icon_smile.gif Happy now, LOL?

Jim
2002-Nov-25, 01:48 PM
Trapdoor wrote:

Below is a transcript of an e-mail I got via registering for this web-site. ...From:

Mr. George Welele

Dear Sir,

THE 8TH ALL AFRICAN GAMES

I am Mr. George Welele, the Chief Accountant of the Federal Ministry of Youth,Sport,and culture Parent body of the Local Organizing Committee of the 8th all African game tagged[COJA] 2003 taking place in my country in 2003, . In the course of our preparation to host the 8th all African games , Huge sum of money ...

I have not received any such messages at my hotmail account (the one listed on this BB), but I have received several at my home account, so it's not because BA sells email addresses.

However, what you received is an example of what is known generically as a Nigerian Scam. There are many variations on this, and there are groups and agencies trying to stop them.

I suggest you check the following:

ScamSpeak Nigerian Scam Letters
http://www.fraudaid.com/ScamSpeak/Nigerian/419arrest.htm

The 419 Coalition
http://home.rica.net/alphae/419coal/

Internet Fraud Complaint Center
http://www1.ifccfbi.gov/index.asp

GrapesOfWrath
2002-Nov-25, 05:51 PM
On 2002-11-24 19:12, trapdoor wrote:
/phpBB/images/smiles/icon_smile.gif Happy now, LOL?

Thanks! As a matter of fact, I am pretty happy. I'm sitting down here on the Gulf of Mexico, with five of my brothers and their families, in gorgeous weather and the beach has no street lights or yard lights and the skies were awesome last night.