Email Spam

Hitting the nail on the head...

Submitted by AlReaud on Mon, 10/31/2016 - 18:33

Since publishing the article “Beware those scam emails from .top, .stream and .download domains” I must have pissed somebody off by giving some good advice. Since then I've been literally inundated with spam emails from the domains .top, .stream, .download and .win. When I cleared the junk filters out, I had almost 800 junk emails for the week of Sunday, October 23 - Saturday, October 29, 2016. This week the count is at 132 so far (see image below)! That previous weekly total is more than I usually get in a month. Further, I've had some idiot with the email address something like dhawalnator[at] emailing Toyota and Hyundai dealerships in San Jose, Fresno, and other cities in California giving my phone number and saying that I'm interested in a vehicle. Actually it's kind of funny, because I answer the calls and tell them that they are sadly the victim of a retaliatory email scam. That went on all last week. I need one of those dealerships to forward that email to alreaud[at] so I can analyze it.

This leads me to believe that I gave out good advice that is effective in preventing email phishers/scammers from being successful. So I'll give y'all another piece of advice, gratis. Use the Thunderbird email browser. It has one of the best

Beware those scam emails from .top, .stream and .download domains

Submitted by AlReaud on Mon, 10/03/2016 - 17:43

Since the advent of .top, .stream, and .download domains there has been a plethora of new spam emails that are flooding the Internet. This result comes from cheap hosting accounts available from many providers. Hosting providers have no incentive, however, to stop this because they are making money from hosting questionable accounts, and there are technical and legal challenges to stopping spam.

Spotting the scam emails is pretty easy: they usually come from strange addresses ending in .top, .stream, or .download, but they can also come from other domains, with entreaties to protect children, etc. Usually, but not always, the emails contain only images, and the links are very ephemeral. The most important thing you can do to protect yourself from these is to DISABLE REMOTE CONTENT (Google your specific email browser to get the information on how to do so). The next most important thing, other than marking them as spam and deleting them immediately, is to set filters that mark and delete email from .top, .stream, and .download domains.

When remote content is disabled, the image that is usually enclosed in the spam email isn't downloaded. That prevents the compromised server these things redirect to from knowing that your email address is valid and being read. With remote content enabled, the server can tell because, as seen below, the embedded links in the email have a unique signature that is associated with your email address.
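The filter and the remote-content check described above can be sketched offline in Python. This is an added example, not code from the original article: the sample message, its hostnames and token are constructed, the 16-character token threshold is an assumption, and it handles a single-part HTML message only.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BLOCKED_TLDS = {"top", "stream", "download"}  # TLDs named in the article

# Constructed sample message: hostnames and token are made up for illustration.
SAMPLE = """\
From: "Protect Kids" <news@deals.example.top>
To: reader@example.org
Subject: Act now
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://click.example.stream/r/9f3a7c21d4e8b05a6c1f">
<img src="http://img.example.stream/o/9f3a7c21d4e8b05a6c1f.gif"></a></body></html>
"""

class RemoteRefs(HTMLParser):
    """Collect URLs a mail client would fetch (img) or offer to follow (a)."""
    def __init__(self):
        super().__init__()
        self.images, self.links = [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and (a.get("src") or "").startswith(("http://", "https://")):
            self.images.append(a["src"])
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])

def tld(host):
    return host.rsplit(".", 1)[-1].lower() if host else ""

def triage(raw):
    """Parse only; nothing is fetched. Returns what a filter would act on."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    refs = RemoteRefs()
    refs.feed(msg.get_payload())
    urls = refs.images + refs.links
    hosts = {urlparse(u).hostname for u in urls}
    # Assumption: a long alphanumeric path segment is a per-recipient identifier.
    tokens = set(re.findall(r"[0-9A-Za-z]{16,}", " ".join(urlparse(u).path for u in urls)))
    return {
        "sender_blocked": tld(sender.rpartition("@")[2]) in BLOCKED_TLDS,
        "remote_images": refs.images,
        "blocked_url_hosts": sorted(h for h in hosts if tld(h) in BLOCKED_TLDS),
        "tracking_tokens": sorted(tokens),
    }
```

The same token appearing in both the image URL and the link is what ties an image load or a click back to one mailbox, which is why blocking the image fetch matters even if the link is never clicked.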

Five examples are (redirects are done using the text only browser, Lynx, and Wireshark for packet capture, PLEASE DON'T FOLLOW ANY OF THE LINKS BELOW UNLESS YOU ABSOLUTELY KNOW WHAT YOU ARE DOING!):