Kitz ADSL Broadband Information
Author Topic: "Royal Mail" scam  (Read 6149 times)

roseway

"Royal Mail" scam
« on: December 02, 2013, 06:51:28 PM »

I'm being bombarded by emails like the one below, copied with all headers included (the asterisks are actually one of my domains). I've had a look at the attachment, and it's a Windows executable of course, obviously a virus or something of that nature.

To any Windows users: don't open that attachment if you receive one of these emails.

(I'm getting so many, because I've got catch-all forwarding configured for emails to that domain, so I need to re-think that.)
Quote
Return-Path: <buhije@menard-vietnam.com>
Delivery-Date: Mon, 02 Dec 2013 14:35:26 +0100
Received-SPF: neutral (mxeu3: 212.170.226.180 is neither permitted nor denied by domain of menard-vietnam.com) client-ip=212.170.226.180; envelope-from=buhije@menard-vietnam.com; helo=[212.170.226.180];
Received: from [212.170.226.180] ([212.170.226.180])
 by mx.kundenserver.de (node=mxeu3) with ESMTP (Nemesis)
 id 0Lh7VD-1VIJhr0ZsN-00o2Dq for little-hosmer@*********.co.uk; Mon, 02 Dec 2013 14:35:25 +0100
Date: Mon, 02 Dec 2013 14:35:22 +0200
From: "Royal Mail Group" <buhije@menard-vietnam.com>
X-Priority: 3 (Normal)
Message-ID: <1545589138.03987.royalmail@PC-PATRICIA>
To: little-hosmer <little-hosmer@*********.co.uk>
Subject: Mail - Lost / Missing package
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="----------3E178284AE5C98B76"
X-UI-Junk: AutoMaybeJunk +0 ();
Envelope-To: eric1@*********************.co.uk

Royal Mail http://www.royalmail.com/

Mail - Lost / Missing package - UK Customs and Border Protection

Royal Mail has detained your package for some reason (for example, lack of a proper invoice, bill of sale, or other documentation, a possible trademark violation, or if the package requires a formal entry) the RM International Mail Branch holding it will notify you of the reason for detention (in writing) and how you can get it released.

Please fulfil the documents attached.

Home http://www.royalmail.com/ | A-Z of Services http://www.royalmail.com/atoz | Help & support http://www.royalmail.com/personal/help-and-support | Business help & support http://www.royalmail.com/parcel-despatch-low/help-and-support | Contact us http://www.royalmail.com/personal/help-and-support/I-need-to-contact-royal-mail | Mailing tools http://www.royalmail.com/mailing-tools | Jobs http://www.royalmailgroup.com/our-people/our-people-careers

[Royal-Mail_5B4EDC4EBB.zip  application/octet-stream (85920 bytes)]


  Eric
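The headers quoted in the post above already carry several independent warning signs. The following Python check is an added example, not part of the original post: it parses a cut-down copy of that message and flags them. The `BRANDS` table, the `RISKY_EXT` policy, the flag names and the MIME parts (rebuilt from the attachment line shown in the post) are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Constructed sample: key headers from the quoted message; the MIME parts are
# reconstructed from the attachment line shown in the post.
SAMPLE = """\
Received-SPF: neutral (mxeu3: 212.170.226.180 is neither permitted nor denied by domain of menard-vietnam.com) client-ip=212.170.226.180; envelope-from=buhije@menard-vietnam.com; helo=[212.170.226.180];
From: "Royal Mail Group" <buhije@menard-vietnam.com>
Message-ID: <1545589138.03987.royalmail@PC-PATRICIA>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please fulfil the documents attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Royal-Mail_5B4EDC4EBB.zip"

(attachment body omitted)
--b1--
"""

# Assumption: brands the recipient expects, mapped to their genuine domains.
BRANDS = {"royal mail": ("royalmail.com", "royalmailgroup.com")}
RISKY_EXT = (".zip", ".exe", ".scr")  # assumption: local attachment policy

def triage(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    for brand, good in BRANDS.items():
        ok = any(domain == d or domain.endswith("." + d) for d in good)
        if brand in name.lower() and not ok:   # brand name, unrelated domain
            flags.append("display-name-mismatch")
    spf = msg.get("Received-SPF", "")
    if spf and spf.split()[0].lower() != "pass":  # first token is the result
        flags.append("spf-" + spf.split()[0].lower())
    if re.search(r"helo=\[\d{1,3}(\.\d{1,3}){3}\]", spf):  # HELO was a bare IP
        flags.append("helo-ip-literal")
    mid_host = msg.get("Message-ID", "").strip().strip("<>").rpartition("@")[2]
    if mid_host and "." not in mid_host:       # unqualified desktop hostname
        flags.append("message-id-bare-hostname")
    for part in msg.walk():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):
            flags.append("risky-attachment:" + fname)
    return flags
```

None of these flags is conclusive on its own (an SPF result of neutral is common for legitimate mail, for instance), so they are best used as a combined score.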

broadstairs

Re: "Royal Mail" scam
« Reply #1 on: December 02, 2013, 08:40:18 PM »

I've had a few of these, Eric, but all have been marked by my email server as a virus and had the attachment removed before I see them. They go to my spam account anyway, so I only see them when I clear it.

Stuart
ISP:Vodafone Router:Vodafone Wi-Fi hub FTTP

sevenlayermuddle

Re: "Royal Mail" scam
« Reply #2 on: December 02, 2013, 08:46:34 PM »

Interesting.

I have found a working 'catch-all' forward rule with Google Apps is to...

1) Make some username like 'spam' the catch-all.
and
2) Configure the catch-all user to forward all received mail to my own address, but only if it is not marked as spam.
and
3) I pretty much ignore the catch-all's own inbox (& spambox).

That means that there is a high probability I will see any mail that has a genuine address error, but not if it is marked as spam. There is a risk that I will not see genuine mail that is both wrongly addressed and wrongly classed as spam, but I can live with that.


roseway

Re: "Royal Mail" scam
« Reply #3 on: December 02, 2013, 10:43:10 PM »

Thanks for that suggestion 7LM.
  Eric

BritBrat

Re: "Royal Mail" scam
« Reply #4 on: December 03, 2013, 09:31:42 AM »

Not sure if this helps, but what I do with my E-Mail address is to make the bit before the @ sign related to who I am giving it to.

Example: KITZ@mydomain.co.uk

Then I know if my details have been passed on and who did it; also, if I get lots of spam on that address it is easy to make a rule to delete it.

Another benefit is that, say you get a banking E-Mail, one look at the address tells me whether it is from my bank or not, as the only person with that address is my bank.

To make this work go to your CP panel and place an "*" before the "@" sign.

I have been doing this for 10 years or more.
« Last Edit: December 03, 2013, 09:36:53 AM by BritBrat »

roseway

Re: "Royal Mail" scam
« Reply #5 on: December 03, 2013, 11:18:50 AM »

Thanks BB
  Eric

broadstairs

Re: "Royal Mail" scam
« Reply #6 on: December 03, 2013, 12:01:51 PM »

I have mine set up with specific fully qualified email addresses, and if mail comes into the domain which is not one of the 7 I have set up then it simply gets rejected; I never see it. If it is genuine email but misspelled then it will be returned to sender and they will know something went wrong.

Stuart

ISP:Vodafone Router:Vodafone Wi-Fi hub FTTP
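The three ways of handling unknown recipients discussed so far in the thread (plain catch-all forwarding, the catch-all that forwards only mail not marked as spam from Reply #2, and rejecting anything outside a fixed address list from Reply #6) trade off differently. The following Python model is an added example, not code from any poster: it routes a handful of constructed deliveries under each policy and counts the outcomes. The mailbox names, the sample deliveries and the policy labels are assumptions.

```python
VALID = {"eric", "support"}  # assumption: the real mailboxes on the domain

# Constructed deliveries: (recipient local part, marked_spam, genuine)
DELIVERIES = [
    ("eric", False, True),           # correctly addressed, genuine
    ("erci", False, True),           # genuine but misspelled
    ("erci", True, True),            # genuine, misspelled and misclassified
    ("little-hosmer", True, False),  # made-up name, caught by the filter
    ("hgfdd8475", False, False),     # made-up name the filter missed
    ("support", True, False),        # spam to a valid address
]

def route(local, spam, policy):
    """Where one message ends up: inbox, spam-folder, held or reject."""
    if local in VALID:
        return "spam-folder" if spam else "inbox"
    if policy == "catch-all":              # forward everything
        return "inbox"
    if policy == "catch-all-unless-spam":  # forward only unflagged mail
        return "held" if spam else "inbox"
    if policy == "reject-unknown":         # refused, sender gets a bounce
        return "reject"
    raise ValueError("unknown policy: " + policy)

def summarize(policy):
    """Count the outcomes that matter to the mailbox owner."""
    out = {"spam_in_inbox": 0, "genuine_unseen": 0, "genuine_bounced": 0}
    for local, spam, genuine in DELIVERIES:
        where = route(local, spam, policy)
        if where == "inbox" and not genuine:
            out["spam_in_inbox"] += 1
        elif where == "held" and genuine:
            out["genuine_unseen"] += 1
        elif where == "reject" and genuine:
            out["genuine_bounced"] += 1
    return out

if __name__ == "__main__":
    for p in ("catch-all", "catch-all-unless-spam", "reject-unknown"):
        print(p, summarize(p))
```

Per-correspondent addresses of the kind described in Reply #4 depend on a catch-all, so they are not available under the reject-unknown policy unless each alias is added to the valid list.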

guest

Re: "Royal Mail" scam
« Reply #7 on: December 04, 2013, 08:21:10 AM »

Ah so someone else is getting these as well  :)

They're being sent from the same zombie machines which are pumping out Mastercard/Paypal/Natwest/DHL/Skype/Vodafone scam emails.

Currently getting around 120/day, started about 25 November.

The email addresses used are ones harvested from usenet over a decade ago - I can tell that as I used email addresses on usenet which Mailtraq expired after two weeks.

Edit - interestingly Spamhaus has a relevant article up dated 2 Dec 2013 :) http://www.spamhaus.org/news/article/706/the-return-of-the-open-relays
« Last Edit: December 04, 2013, 08:24:12 AM by rizla »

broadstairs

Re: "Royal Mail" scam
« Reply #8 on: December 04, 2013, 08:32:58 AM »

This raises an interesting point. It would seem that many people see quite a lot of spam. Makes me wonder what servers people use for their email? It would seem that many don't have effective spam processing on the servers and I suspect that these may be ISP servers. While this is understandable for people who don't have their own domain and therefore have to use the ISP server. For a number of years now I have had all my email collected via my hosting company servers and they have very effective spam processing which means I probably see less than 10 spam emails a day and quite often none or only one or two low scoring spam emails per day. They also have a blacklist and whitelist where I can set domains that I either never want to see (blacklist) or those which should never be marked as spam (whitelist).

Stuart
ISP:Vodafone Router:Vodafone Wi-Fi hub FTTP

guest

Re: "Royal Mail" scam
« Reply #9 on: December 04, 2013, 08:57:11 AM »

I do all the processing on a local (not internet facing) mailserver so I "see" all the spam - at least in logs/log summaries anyway.

roseway

Re: "Royal Mail" scam
« Reply #10 on: December 04, 2013, 10:34:11 AM »

I use a paid-for email service with my hosting supplier. They do have spam and virus checking, but the spam filtering takes some time to learn, and educates itself by users moving mails to and from their spam folder. I hadn't previously enabled the virus checking option, but now I have done so, and the Royal Mail, DHL, etc. scam mails are being trapped by this.
  Eric

sevenlayermuddle

Re: "Royal Mail" scam
« Reply #11 on: December 04, 2013, 10:39:47 AM »

I use Google Apps, which is probably the same spam filter as Gmail; spam just gets filtered to a 'spam' folder, where it is automatically deleted after 30 days if you leave it there.

It's pretty good, but sometimes a bit overzealous; on one occasion it classified as spam one of Google's own domain management confirmations, an email that was auto-generated by Google.   :D

My main domain gets around 50-100 spams on an average day, much more during 'storms'. But most are addressed to what look like random names, like "hgfdd8475@*****.com". And of course, I get the non-delivery reports for spam spoofed from my domain, but again that tends to use made-up names. So careful setup of the 'catch-all' user makes things manageable.

Properly addressed spam matching a valid user name is only about 2 or 3 a week, despite the fact that one of my addresses ("support@******.com") is freely visible for all to see on a crawlable web page.

guest

Re: "Royal Mail" scam
« Reply #12 on: December 04, 2013, 11:01:01 AM »

Quote
I use a paid-for email service with my hosting supplier. They do have spam and virus checking, but the spam filtering takes some time to learn, and educates itself by users moving mails to and from their spam folder. I hadn't previously enabled the virus checking option, but now I have done so, and the Royal Mail, DHL, etc. scam mails are being trapped by this.

Yeah 1and1's anti-spam system is terrible unless you use their (equally terrible) webmail app. It's also very prone to false alert IME, that's one of the reasons I do the processing myself - Mailtraq has an excellent self-learning bayesian filter system (amongst many other things).

On the plus side your emails are stored in Germany (who are marginally less likely to hand it over to the yanks than the UK is); they offer encrypted POP3 collection and encrypted SMTP as standard (although only using TLS for SMTP) and they're a hell of a lot more reliable than their UK subsidiaries (like Fasthosts  :lol: ).

Edit - forgot to mention that you get 2GB storage space (not for email) with every account. I only discovered that a couple of months ago, shows how much attention I pay but it's actually quite good as you can set up access to the space for anyone you want. I've been exchanging photos with a friend in Australia this way - his wife takes huge resolution photos and he can't be bothered resampling hundreds of photos so it's quicker for him this way. Also large attachments are the spawn of the devil and should never be sent via SMTP  ;)
« Last Edit: December 04, 2013, 12:39:12 PM by rizla »

broadstairs

Re: "Royal Mail" scam
« Reply #13 on: December 04, 2013, 11:25:02 AM »

My hosting company is Ariotek which has proved to be very reliable for both hosting and email handling over the years. They are UK based (well Scotland to be perfectly accurate - don't know how that might work if they go independent  ;D ) and have UK based support staff who are very knowledgeable and helpful.

Stuart
ISP:Vodafone Router:Vodafone Wi-Fi hub FTTP