Can spammers trace one if one does not go offline prior to deleting spam ?

Jerry · Jun 22, 2003

Tough to find a perfect forum for this, but universal enough to have value in the posting, here.

Most of the spam we receive have ?calls? which go back through the ?pipe? to bring up the graphic or photo that is coded into the spam. Sending out the zillions of spam messages with the extra graphics weight would be more troublesome to these creeps.
If one has a DSL or Cable connection, and if one touches the spam mail in Outlook, up comes the graphic.

I don?t care, in itself, if the graphic loads or not, as I can 100% ignore the garbage they send down the pipe.

My curiosity is if there is a logging, somewhere, which informs the spammers that my email address is ?active? or receiving these spam messages.

It is a bother to pull the plug on the DSL line prior to deleting the spam. However there is something to be said for doing so if it will not inform the spammers of the receipt of their spam.

My present impression is that they send out so many spam particles that they don?t really care or don?t even wish to bother to sort out which are dead or not, but just keep pumping them out.

Is there any point in going to the trouble disconnecting DSL prior to deleting the spam I get into Outlook ?

her209 · Jun 22, 2003

Usually spammers use nonexistent domains as email orgination.

notfred · Jun 22, 2003

When you download pictures off a website, that site doesn't get your email address somehow. They have no way of knowing what email address the people downloading thier pictures have. They can get your IP address, but there is no corrolation between email address and IP address.

Entity · Jun 22, 2003

Originally posted by: notfred
When you download pictures off a website, that site doesn't get your email address somehow. They have no way of knowing what email address the people downloading thier pictures have. They can get your IP address, but there is no corrolation between email address and IP address.

Yup, that pretty much sums it up.

Rob

Jerry · Jun 22, 2003

Thanks guys, but I am not referring to web surfing or downloading anything from a website.

I am referring to the deletion of EMAIL spam.

If my DSL line is DISCONNECTED, no images will show up in the spam and presumably when deleting email in Outlook, the spammers will have no way of knowing if I actually received their garbage, other than that it did not get bounced back to them.

But it is annoying to have to DISCONNECT and then RECONNECT after each checking for email and then the deletion of the copious spam.

It is also possible, and perhaps likely that the spammers send out such quantity that they do not bother to check any type of log that might indicated if a ?call? went to them to shoot down the graphic to my system.

That is my curiosity. If it makes NO difference whether I am on line or not, then it would be easier to just stay on line when I have to delete the spam (emails)

her209 · Jun 22, 2003

Originally posted by: Jerry
Thanks guys, but I am not referring to web surfing or downloading anything from a website.

I am referring to the deletion of EMAIL spam.

If my DSL line is DISCONNECTED, no images will show up in the spam and presumably when deleting email in Outlook, the spammers will have no way of knowing if I actually received their garbage, other than that it did not get bounced back to them.

But it is annoying to have to DISCONNECT and then RECONNECT after each checking for email and then the deletion of the copious spam.

It is also possible, and perhaps likely that the spammers send out such quantity that they do not bother to check any type of log that might indicated if a ?call? went to them to shoot down the graphic to my system.

That is my curiosity. If it makes NO difference whether I am on line or not, then it would be easier to just stay on line when I have to delete the spam (emails)

Why the hell are you opening their emails?

Entity · Jun 22, 2003

Originally posted by: Jerry
Thanks guys, but I am not referring to web surfing or downloading anything from a website.

I am referring to the deletion of EMAIL spam.

If my DSL line is DISCONNECTED, no images will show up in the spam and presumably when deleting email in Outlook, the spammers will have no way of knowing if I actually received their garbage, other than that it did not get bounced back to them.

But it is annoying to have to DISCONNECT and then RECONNECT after each checking for email and then the deletion of the copious spam.

It is also possible, and perhaps likely that the spammers send out such quantity that they do not bother to check any type of log that might indicated if a ?call? went to them to shoot down the graphic to my system.

That is my curiosity. If it makes NO difference whether I am on line or not, then it would be easier to just stay on line when I have to delete the spam (emails)

Yes, we understood that.

In an email spam, it pulls the images from the web (http protocol). There is no way for them to correlate the viewing of these images with anything other than an IP address. In order for them to get your email, you would have to actively click something that would let them know who you are.

There may be ways for them to code emails that certain programs (OE, perhaps) would associate the displaying of images with the email address they sent to, but I seriously doubt that is the case with any email spam.

It's simplest (and most effective) to just delete it.

Rob

ViRGE · Jun 22, 2003

Originally posted by: notfred
When you download pictures off a website, that site doesn't get your email address somehow. They have no way of knowing what email address the people downloading thier pictures have. They can get your IP address, but there is no corrolation between email address and IP address.

That's not entirely true, but getting email addresses is more difficult than not. What you can do is in each email message, tweek a graphic a bit so that when the server is referenced, it does something like <server>/spam/porn/uglychick.jpg?email=anand@anandtech.com(there are a million ways to do this), so that it's still pulling the same image, but also giving the server a valid email address. The trade off is that you have to send individual emails, as opposed to dozens of BCCs, but it does work, and it is used from time to time. Look up 'Web Bugs' on Google some time, they use a similar tactic.

Hector13 · Jun 22, 2003

Originally posted by: Entity

Originally posted by: notfred
When you download pictures off a website, that site doesn't get your email address somehow. They have no way of knowing what email address the people downloading thier pictures have. They can get your IP address, but there is no corrolation between email address and IP address.

Click to expand...

Yup, that pretty much sums it up.

Rob

how hard do you think it would be for spammers to simply embed your email address into a querystring for the image source??

gopunk · Jun 22, 2003

Originally posted by: ViRGE

Originally posted by: notfred
When you download pictures off a website, that site doesn't get your email address somehow. They have no way of knowing what email address the people downloading thier pictures have. They can get your IP address, but there is no corrolation between email address and IP address.

Click to expand...

That's not entirely true, but getting email addresses is more difficult than not. What you can do is in each email message, tweek a graphic a bit so that when the server is referenced, it does something like <server>/spam/porn/uglychick.jpg?email=anand@anandtech.com(there are a million ways to do this), so that it's still pulling the same image, but also giving the server a valid email address. The trade off is that you have to send individual emails, as opposed to dozens of BCCs, but it does work, and it is used from time to time. Look up 'Web Bugs' on Google some time, they use a similar tactic.

precisely what i was about to post...

BillGates · Jun 22, 2003

Why do you use question marks instead of apostrophes'

NuclearFusi0n · Jun 22, 2003

yes, it's possible, and is probably fairly common too.

Jerry · Jun 22, 2003

regarding:
-Why the hell are you opening their emails?-

I am NOT opening their emails. Have you ever looked at MS Outlook ? All one needs to do is go from the Inbox to Tasks and then return to the Inbox and if a SPAM email is in the top position, it is activated and the graphic is "called" or pulled down from a distant server.

NO opening of emails is involved.

And the 2 email addresses that are spam targets are NEVER EVER EVER EVER used by me. I use an entirely different and separate set of email addresses for ALL correspondence. Of any kind. I get the impression that I am substantiating the existence or "liveness" of the email addresses that they have hit upon and are using to deluge me with hundreds of spam messages a day.

Hector13 has a good point =
- how hard do you think it would be for spammers to simply embed your email address into a querystring for the image source??-

But not because of the quoted downloading of images off a website, downloading of images off a website is totally irrelevant. Such had NO connection to the email spamming disconnect point.

It is this curiosity which Hector13 touches upon that I am sensing is of concern. When I touch upon an email spam, either that ?tips them off? that I pay attention to their spam and encourages more such spam, or they have so many millions of spam messages that go out every day that they do not have time to really qualify who is who on the other end and whether the messages are opened or not or read or not.

It is the one of these two, above, that I am trying to find out about.

Thanks, responses welcomed.

Lonyo · Jun 22, 2003

I thought that the main problem with spam was if you replied, as that was one of the few ways of knowing if an email addy is useful.

It's something like $5 for 1 million email addys, and they just get whatever new ones come up, they don't check if they're active, normally a company just buys a list from a big company and then sends emails to all the addresses. The replies are what tells them anything, like clicking "unsubscribe".

Normally the hit rate is about 1 in a million, so the get one customer for their $5.

As long as you don't reply in any way, then they're not checking your address is active.

This info was off a financial program from the BBC in the UK.

Jerry · Jun 22, 2003

Thanks,
This is helpful info.
I do welcome other responses.

ndee · Jun 22, 2003

Originally posted by: notfred
When you download pictures off a website, that site doesn't get your email address somehow. They have no way of knowing what email address the people downloading thier pictures have. They can get your IP address, but there is no corrolation between email address and IP address.

Yeah, but they could generate an image(filename) in the email with his email address in it.

mugs · Jun 22, 2003

Turn off that obnoxious preview pane and you don't have to worry about it.

Fudssa · Jun 22, 2003

Originally posted by: mugsywwiii
Turn off that obnoxious preview pane and you don't have to worry about it.

Yep. So easy.

Jerry · Jun 22, 2003

Well, you are right about the preview pane. I was looking at the innards and the long run workings of email and the like, but the preview pane is a workaround, for now. Thanks.
Further responses as to the -innards- etc are welcome.

flot · Jun 22, 2003

Wow, you know, I had never thought of this.. but the guy is right. It would NOT be difficult for spammers to validate you this way. They could just generate unique image names for each email, and if you downloaded the image, they'd know you receieved the email - and even worse, they'd know you're the kind of person who looks at spam before they throw it away.

That'd be remarkably sneaky of them.. I don't know that anyone does it, but it is in fact a possibility. Thank god I use elm to read my mail.

dighn · Jun 22, 2003

i used a firewall to block outlook from accessing port 80

i really should just allow access to mail ports only but that's too much work

web sites that don't use port 80 are few

Jerry · Jun 22, 2003

See, Guys n Gals,
It is getting intelligent here.
Flot and Dighn make further good points. Particularly re the Port 80 and the fact that the potential graphics -calls- for validation would or could be blocked by smart use of firewalls.
There could be a little action script that could possibly turn off the appropriate ports when dealing with email and then turn them back on when not. If the heavyweights were to get wind of this idea, they could turn out some code in no time.
This could further snowball to a quite useful thread.

Even the Congress of the US, which just this week passed a new bill to deal with telemarketers, knows, by CNN survey, that the next biggest issue among the public is spam. Next is identity theft. And so it goes.

It will be a while before the WWW consortium gets the changes it wants in email headers adopted (which would identify the server and or identity of the sender)

Further thoughts ?

Hector13 · Jun 22, 2003

You don't need any "heaveweights" to write something new. There are plenty of good firewalls already out there. Just get one and refuse access to port 80 (outbound) from outlook.

GeneralDisarray · Jun 22, 2003

They can easily specify an alternate port in the URL, and if you blocked that one, they could specify a random port and set their web server to listen on all ports.

As some have said above, it's quite simple to GET variables in an image link to identify when someone views your message. Theres no need for different file names. In fact, you dont even need to have a link that looks anything like an image, you can manipulate the MIME headers so something like http://127.0.0.1/?go=123456 returns an image and IE/Outlook loads it fine. Then in their server a PHP script checks the ID and logs when it was accessed, and if they're smart, watches if you click on the link to see if the advertising was effective.

Jerry · Jun 22, 2003

GeneralDisarray
You do not seem to me to be in Disarray at all. Much Array, in fact.

This is valuable info. In other words, there might be considerable capacity and forethought to SOME spammers. They could then exchange (or sell) the info. Particularly when they could show logged confirmation.
Doubleclick and gator spybots, for example, are getting hammered and squashed with Adaware, for example. They are cunning and I would not put it by them to go a different route, one such as this, for example.

One can do the change of email addresses bit, but it would seem that they would be nipping at one?s heels fairly fast. Particularly if a hidden venture, such as this, was in the works and working for them.

In any event, this increasing knowledge is of increasing value.

Can spammers trace one if one does not go offline prior to deleting spam ?

Senior member

No Lifer

Lifer

Lifer

Senior member

No Lifer

Lifer

Elite Member, Moderator Emeritus

Golden Member

Lifer

Diamond Member

Diamond Member

Senior member

Lifer

Senior member

Lifer

Lifer

Banned

Senior member

Diamond Member

Lifer

Senior member

Golden Member

Member

Senior member