
Email advertisement

Discussion in 'Site Feedback' started by VasikkA, Dec 12, 2002.

  1. VasikkA Liturgist

    VasikkA
    Joined:
    Oct 21, 2002
    Messages:
    292
    Location:
    DAC
    To: *******@******.***.com
    Subject: www.rpgcodex.com
    From: Helen Baker <sender@coolstats.com>
    Date: Wed, Dec 11 2002 4:41:55 PM +0800 (CST)

    Hi,
    I thought you might be interested in getting in-depth knowledge about your web audience and web traffic patterns in a reliable and cost-effective way.


    CoolStats measures web site traffic and online behavior of your visitors.
    CoolStats will help you understand how to optimize your site to meet the needs of your visitors.
    You get access to detailed, real-time statistical analysis of your web pages - 24 hours a day. View Online Demo!
    CoolStats is the ultimate real-time tracking solution for small and mid-sized businesses.
    100% accuracy by measuring activity at the client, not via server based log files.
    The fee of $24.95 is minimal compared to
    what it would cost you to run a tracking service
    yourself!


    blahblahblah... and so on.


    Why am I getting ads with the subject 'www.rpgcodex.com' to my email account? Is this some sort of advertisement agreement with some ad company made by RPGcodex? Not that I don't get spam every day anyways, but it's really getting annoying to block new domains every day. Just wanted to let you know, though I'm pretty sure I'm not the only one. :roll:
     
  2. chrisbeddoes Erudite

    chrisbeddoes
    Joined:
    Oct 22, 2002
    Messages:
    1,349
    Location:
    RPG land
    Because some noob windoze users have viruses or worms or exploits in their PC.
    These viruses harvest e-mails from the browser cache, say your e-mail, and combine them with the URL where they found these e-mail addresses.
    This is pretty automated.

    The only way to save yourself is to not make your e-mail public.
     
  3. Saint_Proverbius Administrator Patron

    Saint_Proverbius
    Joined:
    Jun 16, 2002
    Messages:
    11,359
    Location:
    Behind you.
    There's a number of ways they get information like this from sites. Some "robots", programs that are designed to harvest emails from forums, plow through all the forum pages and links and parse out all the emails into a handy, dandy database that some jackasses can use to send out spam.

    What's REALLY cute are the spam emails that look like they come directly FROM the forum itself. This has happened at DAC, where people have gotten email from "killzig@duckandcover.net" when it's really nothing more than spam using a fake sender.
     
  4. VasikkA Liturgist

    VasikkA
    Joined:
    Oct 21, 2002
    Messages:
    292
    Location:
    DAC
    Alright, thanks for explaining that. From now on I'll hide my addresses then.
     
  5. Saint_Proverbius Administrator Patron

    Saint_Proverbius
    Joined:
    Jun 16, 2002
    Messages:
    11,359
    Location:
    Behind you.
    If you still have that email and the header for it, please email me that header. I'd like to know where it's coming from.
     
  6. VasikkA Liturgist

    VasikkA
    Joined:
    Oct 21, 2002
    Messages:
    292
    Location:
    DAC
    I've already deleted the email, but I think I posted the header in my first post on this thread. :roll:
     
  7. Gimp Mask Augur

    Gimp Mask
    Joined:
    Aug 12, 2002
    Messages:
    267
    Location:
    Prosperium
  8. Saint_Proverbius Administrator Patron

    Saint_Proverbius
    Joined:
    Jun 16, 2002
    Messages:
    11,359
    Location:
    Behind you.
    Yeah, it's always cute when people who don't know what they're talking about follow up a statement with the rolly eyes thing.

    This is what an email header looks like:

    Kind of a little different than what you posted, isn't it, Vas?
     
  9. chrisbeddoes Erudite

    chrisbeddoes
    Joined:
    Oct 22, 2002
    Messages:
    1,349
    Location:
    RPG land
    First, you must enable viewing headers in your mail client.
    This is from a spam person.
    Now the return path is what you see if you don't enable headers, and anybody can put anything in there, like billg@microsoft, and you will see
    billg@microsoft

    But it is the Received that is going to provide the real mail address, the real IP.



    From Artprice Fri Dec 13 12:04:40 2002
    X-Apparently-To: chrisbxeddoes@yahoo.gr via 216.xxx.xxx.xxx; 13 Dec 2002 12:04:40 -0800 (PST)
    Return-Path: <unsubscribe@artmarket.com>
    Received: from 194.242.43.186 (EHLO mail1.artmarket.com) (194.242.43.186) by mta530.mail.yahoo.com with SMTP; 13 Dec 2002 12:04:39 -0800 (PST)
    Από: "Artprice" <unsubscribe@artmarket.com> | Φραγή διεύθυνσης
    Προς : chrisbxeddoes@yahoo.gr
    Θέμα: DELACROIX, Eugene
    MIME-Version: 1.0
    Content-Type: text/html; charset=iso-8859-1


    Now if you open your dos window
    and type tracert 194.242.43.186
    you will find something like this

    6 120 ms 131 ms 130 ms linx-lon1-racc1.lon.seabone.net [195.22.209.233]
    7 120 ms 131 ms 130 ms LINX-ge7-0-oscar.LON.router.COLT.NET [195.66.224.49]
    8 130 ms 141 ms 130 ms pos9-0-asterix.PAR.router.COLT.NET [212.74.67.213]
    9 121 ms 130 ms 130 ms bbr2-cha-PO-3-0.FR.COLT.NET [212.74.67.22]
    10 121 ms 130 ms 130 ms gi4-2.bbr1-cha.fr.colt.net [62.23.251.182]
    11 110 ms 110 ms 120 ms po4-0.bbr1-wat.fr.colt.net [62.23.251.189]
    12 110 ms 120 ms 120 ms fa0-0.bbr-pop2-wat.fr.colt.net [195.68.85.226]
    13 130 ms 130 ms 130 ms bbr2-lyo.pos3-0.fr.colt.net [62.23.115.114]
    14 120 ms 130 ms 130 ms LL-1-lyo.fe0-0.fr.colt.net [213.41.24.226]
    15 130 ms 140 ms 130 ms host.102.86.23.62.rev.coltfrance.com [62.23.86.1

    after that it is lost

    So the host for this spammer is
    coltfrance.com

    Forward this e-mail to

    abuse@coltfrance.com

    and ask for the spammer account to be terminated.

    Now some script kiddies use hacker programs to attack that IP, but I do not recommend you do this because you could have problems with your ISP and/or worms in your PC.

    If the ISP of the spammer does not respond, you can send e-mail to various organizations that blacklist ISPs that host lots of spammers.

    Hope this has been helpful.

    Content-Transfer-Encoding: 8bit
    Content-Length: 2024
     
  10. chrisbeddoes Erudite

    chrisbeddoes
    Joined:
    Oct 22, 2002
    Messages:
    1,349
    Location:
    RPG land
    You can also read this for more details


    http://www.fuzzo.com/spam_faq.htm

    They say it's free to repost, so I am reposting a small fraction.

    Tracing an e-mail message

    To trace the e-mail you have to look at the header. Most mail readers do not show the header because it contains information that is for computer to computer routing. The information you usually see from the header is the subject, date and the "From" / "Return" address. About the only thing in an e-mail header that can't be faked is the "Received" portion referencing your computer (the last received).

    You will need to take a look at the headers on the message as follows (Thanks to Michael, Piers and others) :

    Claris E-Mailer - under Mail select Show Long Headers.

    Eudora (before ver. 3) - Select Tools , Options... , then Fonts & Display then Show all headers

    Eudora (ver. 3.x, 4.x IBM or Macintosh) - Press the BLAH button on the incoming mail message

    For Mac Eudora 4.x, hitting the following will cause Eudora to alter its default setting so that BLAH will be automatically selected for all new email received after this switch is set:

    x-eudora-setting:123=y When checked, Eudora will show all the headers from messages, not just an abbreviated set.

    HotMail - To expose the full message header, click "Options" on the Hotmail Navigation Bar on the left side of the page. On the Options page, click "Preferences." Scroll down to "Message Headers" and select "Full."

    For Lotus Notes 4.6.x - From the menu bar, select Actions, then Delivery Information. Copy the information from the bottom box into your e-mail report at the top of the spam.

    For Lotus Notes R5 - From the menu bar, select Actions, then Tools, then Delivery Information. Copy the information from the bottom box into your e-mail report at the top of the spam.

    MS Outlook - Double click on the email in your inbox. This will bring the message into a window. Click on View - Options. You can also open a message then choose File....Properties....Details.

    MS Outlook Express - Alt-Enter, or Alt-F then R.

    MS Outlook Express - More Detailed:

    To look for, copy and send headers In Outlook Express

    1- Press CTRL F3

    2- Press CTRL A

    3- Press CTRL C

    4- Press Alt F4. (At this point the message is already copied)

    5- Open a new message. Right click and paste or select Edit and paste.

    Netscape 3 - In the Netscape Mail window, click View/Document Source.

    Netscape 4.xx - Double click on the email in your inbox. Click on View - Headers - All.

    PINE - You have to turn on the header option in setup, then just hit "h" to get headers.

    Yahoo - 1.Log into your Yahoo! Mail account.

    2.Click the "Options" link on the left-hand navigation bar.

    3.Click the "Mail Preferences" link on the right.

    4.Locate the Show Headers heading and select "All."

    5.Click the "Save" button to put your new settings into effect.

    Programs that do not comply with any Internet standards (like cc-Mail, Beyond Mail, VAX VMS) throw away the headers. You will not be able to get headers from these e-mail messages.

    Aussie tells us that in Pegasus to view the full headers for each message, use CTRL-H. This will show the full headers for the particular message, but will not add them to any reply or forward. You need to cut/paste the message into the reply/forward to send these headers.

    Richard tells us with Nettamer, a MS DOS based email and USENET group reader you must save the message as an ASCII file, then the full header will be displayed when you open the saved file with your favorite ASCII editor.

    At this point if you are "pushing the envelope" on your ability to figure out how to get that complaint to the correct person, I would suggest joining the Usenet group alt.spam or news.admin.net-abuse.email and post the message with a title like "Please help me decipher this header". Unfortunately there is no "single" place to complain to about spam (or Unsolicited Commercial E-Mail). Complaints have to be directed to the correct ISP (Internet Service Provider) that the spam originated from. See the below section entitled "Reporting spam".

    URL's to help you figure out how to look at the headers:

    http://www.concentric.net/~Nvam

    http://www.rahul.net/falk/mailtrack.html

    A little different description of headers:

    http://ddi.digital.net/~gandalf/trachead.html - Line by line tracing of a spammers e-mail

    http://help.mindspring.com/features/ema ... /index.htm

    http://help.mindspring.com/features/ema ... tended.htm

    http://www.mcs.net/~jcr/junkemaildeal.html - Another Header Analysis

    http://www.stopspam.org/email/headers/headers.html - In depth header analysis

    There is spamming software that sends the e-mail directly to your computer. This makes only one received line in the e-mail making your life many times easier. The computer that is not your computer is the spamming computer.

    Also, please look through the body of the message for e-mail addresses to reply to. Complain to the postmasters of those sites also (see below for a list of complaint addresses).

    Gregory tells us that assuming a reasonably standard and recent sendmail setup, a Received line that looks like :

    Received: from host1 (host2 [ww.xx.yy.zz]) by host3

    (8.7.5/8.7.3) with SMTP id MAA04298; Thu, 18 Jul 1996 12:18:06 -0600

    shows four pieces of useful information (reading from back to front, in order of decreasing reliability):

    - The host that added the Received line (host3)

    - The IP address of the incoming SMTP connection (ww.xx.yy.zz)

    - The reverse-DNS lookup of that IP address (host2)

    - The name the sender used in the SMTP HELO command when they connected (host1).

    Looking at the below we see 6 received lines. Received lines are like links in a chain. The message is passed from one computer to the next with no breaks in the chain. The received lines indicate that it ended up at ddi.digital.net (my computer) from mail.bestnetpc.com. It was received at mail.bestnetpc.com from unknown (HELO paul-s.-aiello) ([205.160.183.123]). The last three lines suggests that it was received at in2.|bm.net from mh.tomsurl|.com and from reb50.rs41|1date.net. Since none of these computers are in the first two received lines then we can ignore these lines and every received entry after this line (this UCE had 4 or 5 more faked Received lines in it that were deleted for this example). We also know that these lines are faked because no domain name has a "|" character in the name. Domain names only have alphabetic or numeric characters in the name.

    Do not get confused by the "Received: from unknown" portion. The word "unknown" can be *anything* and should be ignored, this is whatever the spammer put in the SMTP HELO command when they connected to the SMTP server.

    Received: from mail.bestnetpc.com (IDENT:qmailr@mail.bestnetpc.com [205.160.183.3]) by ddi.digital.net (8.9.1a/8.9.1) with SMTP id CAA10768 for gandalf@digital.net; Thu, 26 Nov 1998 02:55:11 -0500 (EST)

    Received: (qmail 25259 invoked from network); 26 Nov 1998 08:05:49 -0000

    Received: from unknown (HELO paul-s.-aiello) ([205.160.183.123]) by mail.bestnetpc.com with SMTP; 26 Nov 1998 08:05:49 -0000

    Received: (from uudp@lcl|lhost) by in2.|bm.net (8.6.9/8.6.9) id CFF569794 for suppressed; Thursday, November 26, 1998

    Received: from tomsurl|.com (mh.tomsurl|.com [100.257.57.69]) by m4.tomsurl|.com (8.6.12/8.6.12) with ESMTP id PAA21932 Thursday, November 26, 1998

    Received: from reb50.rs41|1date.net (root@reb50.rs41|1date.net [256.36.1.176]) by tomsurl|.com (8.6.12/8.6.12) with ESMTP id PBA023891 for suppressed;

    So we complain to whomever owns unknown (HELO paul-s.-aiello) ([205.160.183.123]). Make sure that you do a nslookup (or use http://samspade.org/t/ , put the address in the section "address digger", click on Whois IP block and Traceroute and click on "do stuff") on the IP addresses. I try to verify 205.160.183.123 is paul-s.-aiello. Indeed paul-s.-aiello does not even exist and 205.160.183.123 does not resolve to a name when I do a NSLookup. Next would be a traceroute. See further below for more in-depth tracking on resolving an IP.

    IP portion = 205.160.183.123

    Traceroute 205.160.183.123 gives us:

    Step Host IP

    Find route from: 0.0.0.0 to: 205.160.183.123 (205.160.183.123), Max 30 hops, 40 byte packets

    snip

    13 acsi-sw-gw.customer.alter.net. (157.130.128.26 ): 235ms

    14 atlant-ga-2.espire.net. (206.222.97.24 ): 272ms

    15 206.222.104.37 (206.222.104.37 ): 279ms

    16 orland-fl-1-a5-0.espire.net. (206.222.99.7 ): 362ms

    17 iag.net.orland-fl-1.espire.net. (206.222.106.6 ): 195ms

    18 d1.s0.gw.dayb.fl.iag.net. (207.30.70.38 ): 230ms

    19 s0.gw.bestnetpc.net. (207.30.70.254 ): 231ms

    20 * * *

    21 205.160.183.123 (205.160.183.123): 372ms

    See the traceroute section below for how to interpret the "*" (and other codes) that are returned from a traceroute.

    Note - if you see something like the following realize that the only portion you can trust is within the "([" and the "])". The spammer put in the (faked) portion "mail.zebra.net (209.12.13.2)" :

    Received: from mail.zebra.net (209.12.13.2) ([209.12.69.42])

    Kamiel tells us that you might also want to make sure that the IP is not hosted by an intermediary site. Check it out at:

    http://www.arin.net

    You should complain to the abuse@ or postmaster@Last Two or Three words at the end of the name. I would complain to abuse@iag.net OR abuse@espire.net (but NOT both sites) since after looking below at the list of complaint addresses in this FAQ there are no alternate addresses for iag.net or espire.net. Unless it is a "major provider" (someone in the below complaint list) I usually complain to the upstream provider rather than risk the chance of complaining to the spammer and being ignored. If you go too far up the chain, however, it may take quite some time for the complaint to filter down to the correct person.

    Louise tells us that you are entitled to make an 'alleged' accusation but to prevent yourself from being libel, prefix your statement with:-

    "Without prejudice: I suspect you are the culprit of such and such."

    The constitutional and legal boundary of 'Without prejudice' exempts Politician's opinions being spoken publicly and this prefix is often adopted by Solicitors (English) or Lawyers/Attorneys (USA).

    I use :

    abuse@XXXXX - Without prejudice I submit to you this Unsolicited Commercial E-Mail is from your user XXXX. UCE is unappreciated because it costs my provider (and ultimately myself) money to process just like an unsolicited FAX. Please look into this. Thank you.

    BE SURE to verify the IP address. Windows '95 machines place the name of the machine as the "name" and place the real IP address after the name, meaning a spammer can give a legitimate "name" of someone else to get someone innocent in trouble. A spammer at cyberpromo changed their SMTP HELO so that it claimed to be from Compuserve. The Received line looked like the below, but a quick verification of the IP address 208.9.65.20 showed it was indeed from cyberpromo :

    Received: from dub-img-4.compuserve.com (cyberpromo.com [208.9.65.20]) by karpes.stu.rpi.edu

    The below e-mail was passed to me thru a "mule" (un1.satlink.com [200.9.212.3]). The Spammer hijacked an open SMTP port to reroute e-mail to me:

    Received: from un1.satlink.com (un1.satlink.com [200.9.212.3]) by ddi.digital.net (8.9.1a/8.9.1) with ESMTP id GAA06372; Fri, 27 Nov 1998 06:53:20 -0500 (EST)

    Received: from usa.net ([209.86.128.234]) by un1.satlink.com (Netscape Messaging Server 3.54) with SMTP id AAT2FEA; Fri, 27 Nov 1998 08:46:07 -0200

    A NSLookup on 209.86.128.234 resolves to user38ld07a.dialup.mindspring.com, so after I complain to mindspring.com I also send the postmaster of the open SMTP port the following :

    postmaster@XXXXX - Your SMTP mail server XXXXX was used as a mule to pass (and waste your system resources) this e-mail on to me. You can stop your SMTP port from allowing rerouting of e-mail back outside of your domain if you wish to. FYI only. Info on how to block your server, see:
     
    ^ Top  
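The Received-chain reading described in the two posts above, as an added Python example that is not part of the thread or the quoted FAQ: it walks the FAQ's own six Received lines from the newest down, believes a line only if the host that wrote it was recorded as a peer by an already believed hop, and stops at the first break or forged field. The names `trace_origin` and `forgery_signs` and the trust rule itself are this example's assumptions.

```python
import ipaddress
import re

# The six Received lines from the FAQ excerpt, newest first, trimmed after the id.
FAQ_HEADERS = [
    "Received: from mail.bestnetpc.com (IDENT:qmailr@mail.bestnetpc.com [205.160.183.3]) by ddi.digital.net (8.9.1a/8.9.1) with SMTP id CAA10768",
    "Received: (qmail 25259 invoked from network); 26 Nov 1998 08:05:49 -0000",
    "Received: from unknown (HELO paul-s.-aiello) ([205.160.183.123]) by mail.bestnetpc.com with SMTP",
    "Received: (from uudp@lcl|lhost) by in2.|bm.net (8.6.9/8.6.9) id CFF569794 for suppressed",
    "Received: from tomsurl|.com (mh.tomsurl|.com [100.257.57.69]) by m4.tomsurl|.com (8.6.12/8.6.12) with ESMTP id PAA21932",
    "Received: from reb50.rs41|1date.net (root@reb50.rs41|1date.net [256.36.1.176]) by tomsurl|.com (8.6.12/8.6.12) with ESMTP id PBA023891",
]

BY_RE = re.compile(r"\bby\s+(\S+)")                           # host that wrote the line
PEER_RE = re.compile(r"\((?:\S+@)?(\S*?)\s*\[([0-9.]+)\]\)")  # (rdns-name [peer-ip])
HOST_RE = re.compile(r"^[A-Za-z0-9.-]+$")                     # characters legal in a hostname


def forgery_signs(line):
    """Static tells from the FAQ: illegal hostname characters, impossible IP octets."""
    signs = []
    by = BY_RE.search(line)
    if by and not HOST_RE.match(by.group(1)):
        signs.append("bad hostname " + by.group(1))
    for ip in re.findall(r"\[([0-9.]+)\]", line):
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            signs.append("bad IP " + ip)
    return signs


def trace_origin(received, my_host):
    """Walk Received lines newest-first; return (last verifiable peer IP, findings)."""
    trusted = {my_host.lower()}  # assumption: only our own MTA is trusted at the start
    origin, findings = None, []
    for n, line in enumerate(received, 1):
        by = BY_RE.search(line)
        if by is None:
            continue  # e.g. qmail's internal "invoked from network" line
        if by.group(1).lower() not in trusted:
            findings.append(f"line {n}: chain breaks at {by.group(1)}")
            break  # this line and everything below it is unverifiable
        signs = forgery_signs(line)
        if signs:
            findings.append(f"line {n}: " + ", ".join(signs))
            break
        peer = PEER_RE.search(line)
        if peer:
            origin = peer.group(2)  # IP our trusted relay saw on the socket
            if peer.group(1):
                trusted.add(peer.group(1).lower())  # relay named by a trusted hop
    return origin, findings


if __name__ == "__main__":
    print(trace_origin(FAQ_HEADERS, "ddi.digital.net"))
```

The returned IP is the address to look up with whois or nslookup before writing to an abuse contact; the HELO name on the same line is ignored because the sender chooses it.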
  11. VasikkA Liturgist

    VasikkA
    Joined:
    Oct 21, 2002
    Messages:
    292
    Location:
    DAC
    Ok, I misunderstood and was wrong. I'll try to do that next time if I get any more spam.
     
