Spoofed spam emails

I've been trying to figure this out, I can't seem to come up with an answer on my own.

How is it that whoever is behind the spoofed spam gets the contact list for that email? My best guess is that the account was compromised at some point in the past and the contact list was saved.

An interesting observation is that just about all of these targets use yahoo.

I also get a kick out of seeing all of the different people/companies that my friends are emailing....


Thoughts??

 

I have a buddy who's GF's job is to find email address and send out those annoying spam messages. She spends lots of time trying to find ways around the filters and what not.

Your email address is distributed all over the internet regardless if you want it to be or not. Its not hard to find peoples email address these days.

Best thing to do, is have 2 emails. One for friends/family/important stuff. Then another for junk/porn/shopping/etc that can be leaked out. Once it gets bad, delete it and create a new BS email account.

 

x2

defeating filters is easier with html. space out the letters in your words and the filters don't recognize them due to spaces. but html will combine them back due to eliminating spaces.

 

Getting an email address and spoofing it is easy... the question is, how does the spoofer get the contact list for that email address?

Is the only logical explanation that the account (or pc) was compromised at some point in the past thus exposing the contact list? Or is there some other way this is happening?

 

I saw your post. your thoughts equal mine I just wanted to have an open discussion to see there are maybe other ways this is happening.

I got a spoofed spam email from my wife and I maintain her PC. Her account or PC has never been compromised as far as I can tell. that's why I'm poking around for more info.

Also any comments on why this is primarily happening to yahoo users?

 

The interwebz is a tricky place these days, that's for sure! Always gotta be on your toes.

 

If they're sending emails to her contact list then the account has been hacked. As to why it would happen to yahoo users, it's a big target. If you think the emails are actually coming from her account, I would change the password on the account to something complex.

 

if you scan the hidden headers of an email you can grab all the addresses that it was sent to. even bcc field shows up.

if any account was compromised that had her as a contact then it will send. before we switched out mail systems we had a few click on bad links or open messages and get their send-mail accounts taken over. they change the "reply to", "sent from" and any other field that would get a response from someone unaware

 

Basically, when you enter your email address on any site it gets stored in to a huge list, and sold to the highest bidder. That's how they obtain your email address in the first place.

 

Couple of things.

First spammers get emails easily. Sometimes just guess at them. Any reasonable guess is probably an email, true? They write computer programs that send emails to random made up addresses. When you "opt out" that doesn't really work, but it does tell them your email address is actively being used. Not only will they spam you, but will sell your address to others. And so on.

Second, ideas like using two emails, one for friends, doesn't work. It used to fifteen years ago. But that myth persists. It will delay them for a while. But once it's ever found then it's over. If not for the above scenario, there are dozens and dozens more including your friends screwing up and letting it out for you.

Finally, so what to do? There is only one good answer. Use a sophisticated server hosted email spam filter. Mcafee makes a fantastic one if you host your own email. Or gmail email is fantastic if you don't. They won't filter out good emails like some other bad services out there. You won't have to waste your life messing with settings since they are reputation based. Then watch your spam go to zero.

Enjoy your email and don't waste your life managing it. Use my answer, and you're good to go.

 

Just to clarify, not every website does this but a lot of them do.

 

It's always an aol account that gets compromised in my experience. at least 5 acquaintances in the past year have had thier aol accounts hacked and spammed out messages to all contacts. At least it's blatantly obvious that it's been hacked.

 

Interesting. So, If I were to send out a newsletter BCC'd to 50 people, and one of them has an infected PC, the controller of that malware can now mimic my email to those 50 people with their own special link included?

I agree. I can also attest to the gmail spam filter. It friggin rocks. It pretty much catches all spam and rarely non-spam.

 

Thank you!

Totally with you. There is nothing better than using the service of a large room full of talented intelligent people who work on this stuff 70 hours a week.

Yes! Sign up for one Gmail address. Or, use mcafee for server based. Use it for whatever. Forget the nonsense. Enjoy your email again. Less aggravation. Get more time back in your life.