[CLUE-Tech] email address hijacked by spammers

Jeff Cann j.cann at isuma.org
Tue Mar 30 21:20:30 MST 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here's what I did - 3 accounts:

1)  Give out my yahoo email address to anyone untrusted.
	- e.g., online shopping, etc.
2)  Use my first tier email address (@isuma.org) to trusted sources.
3)  Use my second teir email address (not shown) :) to family members.

Spam that I do get goes to yahoo and is generally removed by their spam 
protection.  I get no spam to my first and second tier email addresses.  I 
get no spam from my first and second tier accounts - mostly because I am 
careful in using those email addresses in a public setting.

For domain registrations, I used go-daddy's 'private registration' feature 
which does not publish my second-tier email account.  The $12 per year is 
totally worth it.

Finally, regarding multiple accounts (I have 5 that I use all of the time), I 
found that Kmail works well.  I forward all account email to my second tier 
account (except untrusted yahoo - I continue to use their web interface).  
But, the 'identities' feature in Kmail lets me send appropriate from, 
signature, etc for each email account.  For example, as I'm responding to a 
CLUE-Tech email, Kmail automatically changes my identity to the second tier 
address.

HTH -
Jeff

On Tuesday 30 March 2004 5:26 pm, Dan Harris wrote:
> Well, the unthinkable has finally happened to me.  I've had this email
> address for nearly 7 years now and I've been able to cope with all the
> spam I get using spamassassin and thunderbird filters, but this is
> different.  It appears that last night some spammer(s) began using my
> address as the 'From' on their spams.
>
> So today, I am getting bombarded with 'recipient not found' and 'this
> message was rejected because it is spam' messages.  I don't know who I'm
> more pissed off at, the spammer(s) who hijacked my email or the idiots
> who reply to every spam message saying "this is spam".. You'd think that
> if they were smart enough to set up a spam filter that they would
> realize that spammers FORGE the From address and not bother replying to
> it.. *sigh*.  The ones that did send me a rejection sometimes included
> the headers of the sent message which let me see what hosts were
> originating the messages.  However, by the time I get the rejections and
> start trying to investigate those hosts, they have already pulled the
> plug and switched IP addresses.
>
> This is driving me NUTS.  I can deal with spam, but this crap is over my
> limit of tolerance.
>
> Anyway, before I kill this address, which has a mind boggling number of
> important ties to it including domain registrations and list servers, I
> wanted to solicit some opions about what other people may have done in
> this situation..
>
> I'm considering doing to the following:
>
> A) wait and see if they give up using my address ( I assume this is not
> likely to happen )
>
> B) create a new single address and use multiple receive aliases.  This
> way I can change the aliases easier than changing my account.  Only
> problem here seems to be that most lists won't let you send from a
> different address than your "to" address, which I would be doing in this
> case.
>
> or
>
> C) create multiple accounts.  One for each list I'm on, one for domain
> registrations, one for personal email, etc.  This is by far the most
> burdensome for me since I could see myself having 5 or 6 different
> accounts to set up and maintain.  But, at least I could tell which one
> was compromised and only have to change a more limited number of
> subscriptions, etc.
>
> Please help!  Thanks for any advice.
>
> -Dan
>
>
> _______________________________________________
> CLUE-Tech mailing list
> Post messages to: CLUE-Tech at clue.denver.co.us
> Unsubscribe or manage your options:
> http://clue.denver.co.us/mailman/listinfo/clue-tech

- -- 
"Faith that does not affect a person's culture is a faith not fully embraced, 
not entirely thought out, not faithfully lived."
- - Pope John Paul II

http://isuma.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFAakcRi4b9OApLCmoRAk/LAJ0bM/lFaewyFiy8jGbvH0FJN/WdRwCgn3Kr
9M8C0oLZy6sePCkVjry6xwU=
=nLG3
-----END PGP SIGNATURE-----

More information about the clue-tech mailing list