On Cell Phone Forums
Closed Thread
Page 1 of 2 12 LastLast
Results 1 to 10 of 12
  1. #1
    Lars
    Lars is offline
    Member

    Posts
    59
    Hi there,
    Today I received Junk Email <SPAM> that was addressed to an email address I use exclusively on this forum. My profile specifies that this email address is not public and I can't see any (obvious) way for an outsider to obtain it.
    This means one of two things: either someone hacked your system and obtained the address that way, or, someone with authority to access the email addresses sold them to a spammer. Either way, I'm not happy!
    I suggest that the administrators publish a Privacy Policy and plug whatever leak was used to provide the spammer(s) with my address.
    I also suggest that other members may want to use a "throw-away address" when registering on the cellphone forums in order to avoid getting bombarded with junkmail.


    See More: CPF email address privacy




  2. #2
    Brad729
    Brad729 is offline
    Phone Expert
    Brad729's Avatar

    Location
    Jacksonville, FL
    Posts
    2,317 - liked 111 times

    Re: CPF email address privacy

    Umm, please don't jump to conclusions and blame us for your spam. Do you know what a "spider" is (not the eight-legged kind)? This is a software legitimate websites use to catalogue the internet (search engines) but they can just as easily be exploited by hackers for more devious purposes. Once the domain your email originates from is spidered by google or other search engines, it becomes a public domain for the whole world to see. Spammers may then use a ware similar to a password cracker, which basically sends an email to everything from [email protected] to [email protected] and they know which ones are valid addresses because those are the ones that don't bounce back. After you receive that initial spam mail, they know you have a valid address and soon the spam will start pouring in. This is how spammers get huge lists of emails from domains like aol, hotmail, gmail, etc. A fourth possibility that you failed to mention is that your network could have at some point been compromised by a trojan, spyware, or key logger that reported back to its creator some of the places you've been and strings of text you've typed.

    Do you know what slander and libel are? I'm not the webmaster, just a lowly Super Moderator, but I don't appreciate you making accusations about our site that you can't back up with any evidence you can present in court (other than your own naivete regarding how the world wide web operates). We have not been "hacked" or compromised, it is much more likely that you are the victim of hacker tricks like mail sniffers, key loggers, etc as mentioned above. So, please get your facts together before you start committing acts of libel against our highly reputable administrator and his site.
    Last edited by Brad729; 07-07-2006 at 05:58 PM.



  3. #3
    Brad729
    Brad729 is offline
    Phone Expert
    Brad729's Avatar

    Location
    Jacksonville, FL
    Posts
    2,317 - liked 111 times

    Re: CPF email address privacy

    Next, you're gonna come back and tell me your network has never been compromised. Tell ya what, I'll remove any personally identifiable information from this quote I'm copying from your domain.
    Email Spoofing (Faking or Forging) of xxxxx.cc addresses



    Any spam email you have received did not come from us.



    We, as well as you, are the victims of spammers who are forging/faking/spoofing xxxxx.cc email addresses. The spam was not sent from any of our facilities or email addresses. It was totally beyond our control, and we regret very much that we cannot stop it.



    We had nothing to do with such spam, which is a misrepresentation of our good name. All xxxxx.cc email addresses are used for our business and private purposes. Our email addresses are not available to others. We do not send, and have never sent, spam email of any sort.



    Non-existent email addresses are being given as the “FROM” and/or “REPLY-TO” address in spam email, for example [email protected], [email protected] and many others along similar lines. If you have received such spam email we are sorry, but emphasize that it was nothing to do with us and was beyond our control.



    In all these instances the "(mis) users" of the email addresses have neither the authority nor the internet capability to use the email addresses involved. If you respond to any of these non-existent email addresses (or your vacation message does so on your behalf), you are likely not to get a response from us.



    For more about email spoofing, try a worldwide Google.com search using the words (but not as a phrase) email spoofing spam . You can also search using the combinations forged email or spam spoofing or spoofing email



    Thank you for your understanding, and we hope the rest of your day is a good one.



    Sincerely,



    The owner of xxxxx.cc



    How You Can Help - Track Spam Spoofers
    If you ever receive such spam-mails that look like messages sent by someone at xxxxx.cc, please:

    Report spoofed xxxxx.cc e-mails to us at [email protected]

    Send the original spoofed e-mail as an attachment. (See the "send" menu of your e-mail program)
    Sending the e-mail as an attachment is the best way to preserve the "header information," which may enable us to trace the true origin of the forgery.
    It seems you have gotten the attention of some spammy hackers, I would never in a million years think they would try to phish your domain for valid email addresses while they were using it to send out fraudulent emails to other addresses they randomly phished! Why would they do that when there are so many other thousands of domains to phish first? I guess you just got lucky.



  4. #4
    Lars
    Lars is offline
    Member

    Posts
    59

    Re: CPF email address privacy

    My apologies Brad: It seems the explanation on my site was not explicit enough:
    The spammers the site is talking about, FORGE randomly generated return addresses at my domain. They do not have access to my domain and cannot legitimately send anything FROM that domain. It is someone who sits in a different country, on a different continent who has absolutely nothing to do with me and just simply decided to insert phoney addresses into the header of the spam they send out.
    This, however, is not the problem I was talking about in my original post. I was talking about an address that exists in only in the cellphone forum. There is, in fact, no true email account with that address - emails sent to that address are simply forwarded to my 'real' address.
    I suggest, rather than getting all defensive and 'legalese' here, you may want to take my post as constructive criticism: There IS a problem - somewhere - and the source of this problem should be investigated. You probably dislike spam as much as I do and, as a moderator, I would have hoped you would show an interest in ensuring that the problem is not on the side of the cellphone forum.
    (And no: in the 40-some-odd years I've made my living in computers, my own personal network has never been compromised <yet> )



  5. #5
    Brad729
    Brad729 is offline
    Phone Expert
    Brad729's Avatar

    Location
    Jacksonville, FL
    Posts
    2,317 - liked 111 times

    Re: CPF email address privacy

    Lars, you completely overlooked the points I was trying to make and misconstrued the rest. Spammers randomly obtain email addresses by phishing. They get a domain name, plug it into a program, and mass-mail a "test spam" to every imaginable user on that domain until they get a few "bites" (the ones that don't bounce back). This is a method of phishing.

    You acknowledge that your domain is being fraudulently used by spammers to send mail out (yes yes I know they don't have access to your domain, well if I wanted to I could send you an email that appeared to be from any domain real or not, and if I had the right software I could sneak a mailsniffer into that email to let me know if it was delivered or bounced), but you don't seem to want to accept the possibility the same spammers might use your domain to phish other domains without trying to also phish your domain too.

    The only person who has access to a database of email addresses here is the primary administrator, John. The supermods can view your email address, but only by looking you up by your username first (regular mods cannot). I guarantee you none of us have been sitting around here days on end copying email addresses one by one, and our site has never been compromised by hackers.

    You have jumped to the conclusion we compromised your email address, but you're not listening to me tell you while there are some spammers who buy lists of email addresses, the vast majority of them have taken to simply phishing domains until they get a hit. I have gotten spam mails that were addressed to [email protected]in and I've gotten spam mails addressed to [email protected] with the blank being every possible 3 digit number combination.

    So, you need to get over accusing us of letting your email address get into the hands of spammers and do some research for yourself where spam comes from. I have an email address I don't use for ANYTHING AT ALL, I've had it since high school and I only maintain it for the possibility that someone from high school will see it in their yearbook and try to write someday. It was only ever used to email a small handful of family and friends, but I stopped using it in 1999 and just check it often enough to keep the account open. About 2 years ago, I started getting spam mail at this address, which was at least 3 years since I had sent or received any mail from said address (it's hooked up to my outlook express).

    I guess that means someone I knew 10 years ago in high school sold my email address to a spammer out of the back of their yearbook? Go figure. I get a ton of spam there now, and I can guarantee you I've never used that address to sign up for any websites or anything! My high school friends have long ago forgotten about me and the address is not used for anything whatsoever. I'm not going through the local phone directory calling people whose yearbooks I signed a decade ago to ask them if they sold me to a spammer... do you how this relates to you and what you're doing, especially after I've already explained it to you once.
    Last edited by Brad729; 07-08-2006 at 05:01 PM.



  6. #6
    Brad729
    Brad729 is offline
    Phone Expert
    Brad729's Avatar

    Location
    Jacksonville, FL
    Posts
    2,317 - liked 111 times

    Re: CPF email address privacy

    Aside from all of what I just said, don't you think it was a little pissy for you to make a thread about it instead of contacting us first? If I seem a bit defensive it's because what you've done here I'd compare to badmouthing a coworker to a storeful of customers instead of going to that coworker and resolving the situation like a mature responsible adult, I'd fire the sleazeball that did that under my management. Sure I could delete the thread and be done with it, but we don't have anything to worry about from your false assumptions and our regular members are probably all laughing as hard as I am at all of this. Have a nice day, I see no point in continuing this discussion.
    Last edited by Brad729; 07-08-2006 at 05:23 PM.



  7. #7
    Mark
    Mark is offline
    Phone Expert
    Mark's Avatar

    Cell Phone
    Samsung Galaxy S II
    Location
    Éire
    Posts
    2,584 - liked 40 times
    Follow Mark On Twitter Add Mark on Facebook

    Re: CPF email address privacy

    Nicely put Brad, He covered it all and he's right, you can open up an account on any random domain, and NEVER user it, never put it on any site, and dont tell anyone, and give it time and spam will start to flow into it, just a problem with how email is done, so you'll have to get used to, spam is easy to take care of anyway, plenty of good spam blockers out there.



  8. #8
    tavenger5
    tavenger5 is offline
    Mr Admin Guy
    tavenger5's Avatar

    Cell Phone
    Samsung Galaxy S4
    Carrier
    AT&T
    Location
    PA
    Posts
    11,181 - liked 1148 times
    Blog Entries
    8
    Follow tavenger5 On Twitter Add tavenger5 on Google+

    Re: CPF email address privacy

    Brad, he does have a right to be concerned. He's right, I should have a more clearly defined privacy policy. Unfortunately there is no standard on the interenet for this yet.

    I assure you Lars, CPF does not sell e-mail addresses, and our system certainly hasn't been compromised.
    John

    Please click LIKE to show if a post is helpful or not!



  9. #9
    Brad729
    Brad729 is offline
    Phone Expert
    Brad729's Avatar

    Location
    Jacksonville, FL
    Posts
    2,317 - liked 111 times

    Re: CPF email address privacy

    Quote Originally Posted by tavenger5
    Brad, he does have a right to be concerned. He's right, I should have a more clearly defined privacy policy.
    I agree with you John, I respect and empathize with his right to be concerned, but I think he could have brought his concerns to our attention either publicly in a thread or privately via our site's messaging system without the direct accusations and unfounded alarmist warnings to other members. That's what got me hot under the collar, and if any apologies are warranted on my behalf, they will be gladly doled out after Mr. Lars acknowledges that he could have asked for a manager instead of standing on our sidewalk picketing in protest.

    Last edited by Brad729; 07-08-2006 at 10:53 PM.



  10. #10
    Lars
    Lars is offline
    Member

    Posts
    59

    Re: CPF email address privacy

    (I tried to post a reply here yesterday but that one apparently went into the bit bucket)

    Thanks to John (tavenger5): Yours was the first positive message that addressed the subject rather than trying to tear ME appart. I am glad to hear that you do not sell the email addresses and hopefully, at some future time, you will post a privacy policy. One question still remains: How did that spammer get that address?

    Brad:
    If I had been able to easily find a way to contact "the management" of Cell Phone Forums, I would have done so. Unfortunately, I was in a hurry at the time and could not find an obvious way to do so. (I have since found the appropriate link) In the absence of an obvious way to contact management, this seemed to be the most obvious way of getting your attention. (It seems to have worked!) Besides, I think other members might have an interest in this topic.
    If I had found a Privacy Policy, I would certainly have studied it before raising this issue.
    If I had found a way of unsubscribing from Cell phone Forums entirely, I would have unsubscribed, blocked the email address I used, and be done with it. Unfortunately, even your FAQs don't shed any light on how to do that. (Can you do that for me?)
    As for my suggestion to the public to subscribe with a "throw-away" address: I belive this is a good practise for any subscribtion anywhere.

    Since then, I have done a bit of "due dilligence":
    I used a web spider to extract all available addresses from your site. As expected, my own address was not among the hundreds the spider found. This seems to confirm my initial guess that my email was not easily obtainable from your site by the 'average Joe spammer'.
    I also used an email spider to check for email addresses at my own domain. As I pointed out earlier, even though it looks like a 'regular' domain, emails sent to that domain are simply forwarded to my 'real' address. As expected, the email spider marked each and every address (each and every possible number-letter combination) at that domain as "valid". Given that, why would that spammer have sent his junk ONLY to "[email protected]" but NOT to any other address on that domain? Spammers don't go through the addresses manually, they use a program to sent their stuff and a program behaves the same way for every address. It has no reason to single out this specific address.
    Given all this, I STILL believe that this spammer had access to email addresses he or she should not have had.

    You certainly have the right to stick your head in the sand and insist that nothing could possibly be amiss at your end, but it is YOUR reputation that is on the line here. If someone found my address and used it to send me junk email, the same is likely to happen to others and that then threatens the reputation of the entire cell phone forum. If I was in your shoes, I would certainly want to double check that nothing could have leaked out from my end.

    Lars



  • Similar Threads