How many emails with dodgy attachments do you get a day?



chandrika
06-18-2010, 07:37 AM
I am wondering whether I am being specifically targeted by someone or whether it is just common for webmasters to receive a lot of emails with various attempts to get you to open dodgy attachments daily. Some days I may get 20 or so sent to my domain name email addresses and they keep changing the attempt method. I actually never open attachments or click links in emails, as a rule, even from friends, so I am not concerned anything will get compromised; just wondering, does this sound like a lot, or is it normal activity?

chrisJumbo
06-18-2010, 04:37 PM
Sounds pretty normal. Our spam filter catches most of it, but I delete tons of emails on a daily basis.
cd :O)

LD
06-18-2010, 05:02 PM
I am wondering whether I am being specifically targeted by someone or whether it is just common for webmasters to receive a lot of emails with various attempts to get you to open dodgy attachments daily.

No - I'd definitely say it's not just specifically you they are targeting. It's you and perhaps 100,001 others on some distribution list they have that get this stuff each and every time they blast another round of spam out the door.

Over time, because you are diligently deleting the spammy stuff from your inbox or from your spam filters - without opening anything or replying - eventually it slows down and if you are lucky - it stops. Until some other spammer takes over. Sheesh!!

Fitz
06-18-2010, 05:15 PM
Spam levels will be worse if you are showing your email address on a website as a 'normal' text hyperlink i.e. live text. Spam bots will 'harvest' the email address from your site. Making it harder for them to do that can be done in several ways (with varying degrees of success). For example, use an image of the email address instead of live text. Use a javascript version of the email address instead of straight mailto HTML. Use an obfuscator (http://www.google.co.uk/#hl=en&source=hp&q=email+obfuscator&aq=0&aqi=g10&aql=&oq=%22email+obfus&gs_rfai=&fp=ef0ed3a35c3e8259) (sp?) site to generate some hard-to-read code in place of straight HTML (several available online). Or use an enquiry form instead of live text/mailto HTML. That last one is particularly good at thwarting the spam bots.

netman4ttm
06-18-2010, 08:03 PM
We run in the thousands. We use spamd with pf and spamassassin which gets rid of most of it.

deepsand
06-18-2010, 08:54 PM
If everyone here made a post to the New Game (http://www.webproworld.com/webmaster-forum/threads/60607-NEW-Game) for each such e-mail received, we'd long ago have hit the target of 1,000,000.

edhan
06-18-2010, 10:54 PM
If everyone here made a post to the New Game (http://www.webproworld.com/webmaster-forum/threads/60607-NEW-Game) for each such e-mail received, we'd long ago have hit the target of 1,000,000.

Yes. You are right. But that will not happen in the near future.

Clint1
06-18-2010, 11:41 PM
I am wondering whether I am being specifically targeted by someone or whether it is just common for webmasters to receive a lot of emails with various attempts to get you to open dodgy attachments daily. Some days I may get 20 or so sent to my domain name email addresses and they keep changing the attempt method. I actually never open attachments or click links in emails, as a rule, even from friends, so I am not concerned anything will get compromised; just wondering, does this sound like a lot, or is it normal activity?
Are you new to the net? ;) "Webmasters"?? It's not just webmasters, it's everyone. That's been going on since the 2nd email address was created and has exponentially escalated ever since. What you may be seeing is just a "pattern" of sorts. It depends on which cyber-terrorist scum parasite(s) are engaging in the cyber-terrorism that day. Some "like" attachments, some prefer embedded nefarious code.

If you have cPanel, enable then configure "Box Trapper".

chandrika
06-19-2010, 02:19 PM
Reason I specifically mentioned webmasters was because it's only to my domain names. I use a system called spam arrest, which is really effective as only mail I authorise is allowed through.

Problem is these guys are using MY email address as the sent from address and so it gets through. I guess it seems unusual because it has stopped all other spam I receive.

Anyway I think I have a solution, in that I can change SPF to only allow specific senders from my domain, that would mean they couldn't use my own email address from their IP, it would only get allowed from my own server's IP...I guess that's what I have to do.

Clint1
06-20-2010, 03:33 AM
Reason I specifically mentioned webmasters was because it's only to my domain names. I use a system called spam arrest, which is really effective as only mail I authorise is allowed through.
(I should have looked at your join date, sorry. I see you're not new to the net if even going by your join date here). I understand what you're saying. It's more likely to happen to our domain addresses because they (usually) will be what's showing on our webpages.



Problem is these guys are using MY email address as the sent from address and so it gets through. I guess it seems unusual because it has stopped all other spam I receive.
Ah!!! I thought I was the only one to whom that was happening. It's always happened to me, but the past few months it's gotten worse. Low-life scum (from Rus-sia, Ind-ia and Chi-na IP's of course), are sending those "pharmaceutical terrorism" emails out and putting MY email addresses in the "Return-path" field! The only thing that you can do for that which may help some, is to enable SPF checking* or get your hosts to do it. That, or, track them down and put a bullet in the base of their skulls (which is something I'm working on....perhaps a joint effort on our part? :lol:).



Anyway I think I have a solution, in that I can change SPF to only allow specific senders from my domain, that would mean they couldn't use my own email address from their IP, it would only get allowed from my own server's IP...I guess that's what I have to do.
Oh, never mind. I see now you know about it. ;) I'm still not sure exactly how that works. I still get the emails sent to me (and allegedly from my addresses), but as I understand it that's supposed to cut down on how many others receive them. Just imagine how much slanderous damage those pricks are doing to our name. :twisted:

* This is what shows in the headers of the emails returned to me when SPF is enabled:
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=VICTIMIZED-ADDRESS%40MYDOMAIN.com;ip=95.139.142.93;r=gator*** .hostgator.com]
(Of course, a Rus-sian IP address). I still can't figure out why I'm receiving those bounces back to me. At the top of the bounced/returned emails are:

"This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:"
And it's one of my legit valid addresses. :confused: I also can't figure out why those emails are exempt from cPanel's email filters. The headers and body are full of filtered-out words! I believe a server's own Mailer-Daemon address may be exempt.

BTW, I have the - dashes put in those names because I (for obvious reasons) have them filtered out on all of my addresses.

HTMLBasicTutor
06-20-2010, 03:58 AM
It depends on the company you keep. If your friends and customers are not net savvy nor computer savvy they tend to get infected regularly with viruses and such.

Doesn't help if your friends include you in the forwarding of jokes, etc. without making the receivers bcc instead of just forwarding with cc either for the same reason above.

chandrika
06-20-2010, 04:10 AM
No offense was taken to any replies, I was unclear in my initial post what was happening.

It is true that it can make a website look bad, as who knows who else receives such emails looking as though they are from your own domain, although hopefully most people realise that spam type messages are unlikely to be from where they say they are. If as you say it will stop others receiving such mail looking like it's from my domain it will be well worth doing even if it still somehow gets through to my inbox. So yes that's what I will do, alter the SPF stuff.

These ones don't mention selling anything, but they have either links to what look to be various compromised websites hosting a file called zx.htm, or an html attachment.

I suppose the html page may be some ad for pharmaceuticals, I have never looked and recently instead of being links, instead the htm page they want me to look at has become an attachment instead, so it probably has something dodgy about it, even though htm files are generally trusted, could be spoofed file extension, or contain some code that could download something.

I just checked a few of the from IP addresses in the headers and as mentioned by Clint, there are indeed a lot from Russia.

Clint1
06-20-2010, 06:24 AM
No offense was taken to any replies, I was unclear in my initial post what was happening.

It is true that it can make a website look bad, as who knows who else receives such emails looking as though they are from your own domain, although hopefully most people realise that spam type messages are unlikely to be from where they say they are.
You may be surprised at how many (most people) that don't know anything about email headers, and how to look for and check an IP address in the event our addresses are getting nefariously spoofed. Most think we are indeed the ones sending them.



If as you say it will stop others receiving such mail looking like it's from my domain it will be well worth doing even if it still somehow gets through to my inbox. So yes that's what I will do, alter the SPF stuff.
That's "allegedly", I don't know for certain.



These ones don't mention selling anything, but they have either links to what look to be various compromised websites hosting a file called zx.htm, or an html attachment.
I don't know how you see them, but when I get them (bounced from the Mailer-Daemon), they are plain text format and they are originally in HTML format. So we can't see the images of the ph*arma*ceu*tical crap!



I suppose the html page may be some ad for pha*rmac*euti*cals, I have never looked and recently instead of being links, instead the htm page they want me to look at has become an attachment instead, so it probably has something dodgy about it, even though htm files are generally trusted, could be spoofed file extension, or contain some code that could download something.
Exactly, they'll load up the emails with random text, then put links in the emails not only to spam images, but also to HTML pages that are off the pha*rma*ceu*tical scamming site, or have the images on them.



I just checked a few of the from IP addresses in the headers and as mentioned by Clint, there are indeed a lot from Rus*sia.
Yeah, surprise surprise. :rolleyes:

Again, careful with tho*se wo*rds above because most people are going to have them blocked. I never got an email notification that you replied because the email was blocked because I have those words blocked.

TechEvangelist
06-20-2010, 10:14 AM
I get 10 to 20 e-mails with zip file attachments every day. Sometimes I get 10 in a row that are all the same and sent to the same e-mail address. That would lead me to believe that they are coming from different sources, but they couldn't be if they are that coordinated. I haven't checked the headers recently to see where they are coming from.

I often wonder how many people are foolish enough to open the attachments. Has anyone ever seen a study or some numbers or estimates regarding this?

chandrika
06-20-2010, 11:11 AM
Ah I see what you mean ab*out tho*se word*s....gotcha....never thought about that in forum posts.

Clint1
06-20-2010, 01:13 PM
Ah I see what you mean ab*out tho*se word*s....gotcha....never thought about that in forum posts.
I'm pretty aggressive with my filters, but if others have had the horrible experiences I have had, they're probably the same too. I was forced to even block the countries because they too were showing up in the BS emails.

dharrison
06-20-2010, 06:41 PM
I must admit I don't get as many dodgy attachments now (compared to when I started out). I thank my Norton 360 for most of that, but my hosting company also tend to grab any suspect emails and send me a daily "Quarantine Digest" so I can decide if it is suspect or not. But it mainly is.

If anything I get phone calls from offshore claiming that there's something up with my computer. Whereas I tell them to "go away" (In true English style!) ;)

Martinscholes
06-20-2010, 06:50 PM
In recent weeks at work I have been receiving a dozen or more emails with rtf attachments. That's extra to the dozens of fake bank emails and fake Facebook emails I get, daily. The spam filter deals with a fraction.

deepsand
06-20-2010, 07:28 PM
I use USA.net (http://www.usa.net/) for all of my important e-mail needs.

They use Brightmail and Cloudmark for SPAM filtering. Very little SPAM escapes my Junk folder.

chandrika
06-21-2010, 01:05 AM
The ones I was getting daily, mainly the title was "*****.com account notification", short message saying account was compromised, appearing to come from the server itself with link or attachment as I mentioned.

Since posting this thread, that day I got just 3-4 more with very different titles, "you are the one" and "heart is set on you" etc with attachments of loveletter.htm.

Since then, 3 days ago, they have suddenly stopped??

edhan
06-21-2010, 01:34 AM
Well, spam emails can be easily identified. But they will keep coming back every once in a while trying their luck on unaware victims.

Guess they might have some success in that since they keep coming back with new ideas and subject lines.

Therefore it is better to have a good anti-virus, spam filters and human judgement to avoid all problems.