EzDevInfo.com

spam-prevention interview questions

Top spam-prevention frequently asked interview questions

Why would someone send out emails with Subject: 45wz6 Body: aua? [closed]

Why would someone send out emails with the following information?

Subject: 45wz6
Body: aua

It seems like something a hacker/spammer would be doing but I am not sure what they are trying to accomplish.

Is there some other information in the email that can be viewed which might tell more of the intent of the email?


Source: (StackOverflow)

Email going into Junk Mail folder in Outlook despite turning off Junk Mail

I tried emailing my wife from my new company email account (which uses Exchange). When she responded, her email went into the "Junk E-mail" folder. So I tried a few things:

  • Added her to the "Safe Senders" list
  • Added her as an Outlook contact and checked the "Also trust email from my Contacts" box in the "Safe Senders" tab
  • Added her domain to the "Safe Senders" list
  • Switched from "Low" to "No Automatic Filtering" in the Junk Email options

No matter what I would do, her emails would still go into the Junk Email folder.

Can anyone recommend additional things to try?


Source: (StackOverflow)

Why is @ in email address sometimes written as [at] on webpages?

Why is @ sometimes written as [at] in webpages? Does it have any specific reason?


Source: (StackOverflow)

Thunderbird junk mail filter problems

After a hiatus of several years where I was using Apple Mail I've gone back to using Thunderbird for my mail. I'm generally pleased with Thunderbird. I like that it works on all OSes (I use several). I like that it can handle multiple accounts (I have several). I like that I find it intuitive. I want to keep using it.

However, I'm having some serious trouble getting the junk mail filters to actually work. This is on Ubuntu with Thunderbird 2.0.0.22, and MacOS 10.4 with Thunderbird 2.0.0.16. There's more than one account. There's also more than one Thunderbird instance but they are sharing Junk folders over IMAP (only way I know to train both of them).

Everything I've ever read suggests that after training on 3000-4000 messages most spam should be caught (barring waves of new varieties which come along periodically). That's been my experience in the past. At first, mostly untrained, I was getting between 20 and 200 messages a day. This didn't slow down much after a couple of days. I have a fairly large body of existing spam, some 20000 messages, and I added it all at once. That improved the true positive rate considerably, though I was still getting a handful of spam messages a day. Frustratingly many of these seemed to be the same message, and Thunderbird seems to have a great deal of trouble recognizing some of these. (I looked at a few to see if they are doing the normal tricks that give filters a hard time: images instead of text and/or random paragraphs of "known good text". In one case that was true but in others the messages appear to be short and mostly empty. No images or embedded text.) And now, in the past week or so, the rate has shot back up again to a dozen or more an hour. It's as if the filtering has just stopped.

Basic procedure and obvious gotchas, which I've already done:

  • Enabling junk mail filtering in Thunderbird requires two separate settings:
    • In the Options (aka Preferences) select Privacy | Junk and enable 'When I mark messages as junk'. You then choose to move messages to a Junk folder or delete them. I always do the former to prevent losing mail.
    • Under Account Settings for the account, select Junk Settings and enable 'Enable adaptive junk mail controls for this account'.

I know these work because junk mail is being filtered. Just poorly.

Things I've tried:

  • I've tried looking at the file training.dat. I've peered inside it with things like od and strings and it is mostly embedded strings. But the format is basically opaque. It does grow, but noticeably it does not grow every time I mark a message as junk.
  • I've turned on Junk Filter Logging (Preferences | Privacy | Enable junk filter logging). This does nothing. There is no log. I seem to remember trying this years ago and it didn't do anything then either.
  • I've considered tossing training.dat and starting over, but (a) it is changing (b) I don't really want to start over and (c) there's no way to mix training files, so you really can't go back to an old file without losing whatever you've gained.

So, questions:

  • How can I tell if training is actually happening?
  • Should I expect training.dat to change every time I mark something as junk?
  • Why don't the logs appear?
  • Do I have to mark each message individually, or can I mark a whole bunch of messages at once?
  • Are there any tools for finding out when the filter runs and what it is doing when it does?
  • Are there any tools for decoding the training file?
  • Overall, why does it seem to have stopped working, and what can I do about it?

There's lots of links to Thunderbird junk mail filtering on Google, but they almost all boil down to basic tutorials. I am looking for more than just basic instructions: I want to know how to debug or diagnose how the filter is working -- or not working.

Update: I wasn't clear about this originally but I have successfully used Thunderbird in the past, for a period of many years. I stopped for a few years because I was using Apple Mail. So it's not a problem of not knowing the basics or not getting any filtering. Filtering is happening just sporadically and poorly.


Source: (StackOverflow)

IP address that is the equivalent of /dev/null

Is there an IP address that would result in any packet sent to be ignored (blackholed)?

I know I can always set up a router with an IP address and then just have it ignore all packets sent to it, but does such a thing exist to save me the trouble?


Source: (StackOverflow)

Does e-mail address obfuscation actually work? [closed]

Most of the time when I see someone post their email address online, especially if it's a personal address, they use something like

me [at] example [dot] com

instead of the actual email address (me@example.com). Even top members of this community use similar styles in their profiles:

jt.superuser[AT]gmail[DOT]com

quixote dot su over yonder near that gmail place

The typical rationale is that this kind of obfuscation prevents the email address from being automatically recognized and harvested by spammers. In an age where spammers can beat all but the most diabolical captchas, is this really true? And given how effective modern spam filters are, does it really matter if your email address is harvested?


Source: (StackOverflow)

How can I gently explain to non-techie friends they are the victim of a hoax? [closed]

We all have them. On Facebook, Twitter, even in email. That friend (or friends) that rebroadcast every hoax from abandoned puppies, abducted little girls or whichever political outrage email is currently en vogue.

How can I educate my friend(s) who continue to do this and keep them as friends?

If it only happened once or twice, I am sure I could just point out the appropriate page on Snopes.com or similar. I am specifically referring to serial offenders that actually think they are providing a service to the world.


Source: (StackOverflow)

Is there any way to answer a phone call using a dial-up modem?

Lately, we've been getting a LOT of telemarketers and spammers calling our home line, even though we're entered in the national Do Not Call directory.

The other day, I unearthed a Pentium 1 in my basement - it had a dial-up modem in it, and we could actually manage to send a "phone call" made of a horrible screeching, grating sound.

I was wondering if there's any way to use this to answer an inbound phone call.

Our current setup is this: we have a phone connection, and an internet connection. There are 2 phone jacks in the wall (each one is a full hookup.) We have a DSL filter hooked up to one jack, with its outputs going to the Modem and the Phone.

What I'm envisioning is this:

  1. Telemarketer calls us.
  2. We check the CID, confirm it's a spammer (the same 3 or so are calling us OVER and OVER and OVER...)
  3. We quickly run over to the Pent. 1, and click something, maybe a batch script or similar, that would do this:
  4. Tap into the phone line as a normal handset
  5. Attempt to perform a dial-up handshake.
  6. Salesman: "?????"
  7. PROFIT! (Well, maybe not profit, per se, but it will certainly be nice not to be spammed every 5 minutes...)

So, if anyone could help me out with this, that would be nice.

P.S., if this is illegal (harassment, spam, etc.,) just answer it as a hypothetical answer to a hypothetical question. (I may need some hypothetical troubleshooting, as well... ;)


Source: (StackOverflow)

How to use command line whois for "spam infected" domains like apple.com?

In short: is there any way to get the full whois-details for domains like apple.com, using the command line on Mac OS X?

Running whois on the command line for, for example, apple.com is like searching for all domains that include that phrase. So, thanks to whois-spam, this gets one the following on a Mac or on FreeBSD:

$ whois apple.com

Whois Server Version 2.0
[..]
APPLE.COM.WWW.BEYONDWHOIS.COM
APPLE.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
APPLE.COM.IS.OWN3D.BY.NAKEDJER.COM
APPLE.COM.IS.0WN3D.BY.GULLI.COM
APPLE.COM.BEYONDWHOIS.COM
APPLE.COM.AT.WWW.BEYONDWHOIS.COM
APPLE.COM

To single out one record, look it up with "xxx", where xxx is one of the
of the records displayed above. If the records are the same, look them up
with "=xxx" to receive a full display for each record.

To get some extra info for all these domains, I can run the command for =apple.com, like:

$ whois =apple.com

Whois Server Version 2.0
[..]
   Server Name: APPLE.COM.WWW.BEYONDWHOIS.COM
   IP Address: 203.36.226.2
   Registrar: TUCOWS INC.
   Whois Server: whois.tucows.com
   Referral URL: http://domainhelp.opensrs.net
[..]
   Domain Name: APPLE.COM
   Registrar: MARKMONITOR INC.
   Whois Server: whois.markmonitor.com
   Referral URL: http://www.markmonitor.com
   Name Server: NSERVER.APPLE.COM
   Name Server: NSERVER.ASIA.APPLE.COM
   [..]
   Updated Date: 21-jan-2009
   Creation Date: 19-feb-1987
   Expiration Date: 20-feb-2011

Still, this does not give me the full record, like the one including the contact information:

$ whois -h whois.markmonitor.com apple.com
[..]
    Administrative Contact:
        Apple Inc.
        Apple Inc.
        1 Infinite Loop
         Cupertino CA 95014
        US
[..] 

(On Redhat Linux, jwhois shows only apple.com but without the contact information; on Debian whois version 4.7.20 yields summaries of all domains like above, and additional detailed info for the exact matched domain, apparently by doing an additional query at whois.markmonitor.com for that exact match.)

I even tried to telnet directly, but cannot come up with anything I cannot do using the whois-command, so I guess that is useless:

$ telnet com.whois-servers.net 43
Trying 199.7.55.74...
Connected to whois.verisign-grs.com.
Escape character is '^]'.

apple.com
[..]

So: is there any easier way to get the full details for such a domain (for only the exact matched domain), using the command line?

(Thinking that command line whois would soon be banned in favour of captcha-enabled web interfaces, this never bothered me a lot. But still, I'm curious...)


Source: (StackOverflow)

How Is It Possible To Send Email Under Our Domain Name

Spammers or someone is sending emails using our domain.

  • The emails are from a user we didn't create called regeniaberry67a@ourdomain.com.au.
  • The email is to regeniaberry@ubtanet.com.
  • The content of the email talks about a stock that is 6 cents but will go to 15 cents and that someone should buy it. It contains a link to Yahoo's finance website but I won't click it so I'm not sure if it's legitimate. We know of the emails because we get bouncebacks (the recipient mustn't exist).

What could allow someone or a bot to send an email under our domain name? Is there anything we can do to stop this? Is this Dictionary Spamming?


Source: (StackOverflow)

Disable gmail's spam filter when forwarding email? [closed]

I have several (4-6) different Google accounts, I use the Gmail addresses for different reasons and I forward the emails from all of them to a single Gmail account.

Occasionally, important messages in these various Gmail accounts will get mistakenly sent to spam (false positives). These messages do not get sent to my catch-all Gmail account. These false-positive messages are never critical (if they were, I'd choose to have them sent to my "main" account), but this has happened frequently enough that I wish there was a way to disable or bypass Gmail's spam filter so that every message comes through and the spam filtering only happens in one place.

If the spam filtering only happens in one place, I only have to check one place for false positives. Gmail's filters are excellent, but they're not perfect.


Source: (StackOverflow)

Why does gmail think mail my server sends is a spam? [closed]

Complete message received by Gmail (email, server ip and host are replaced):

Delivered-To: <myemail>
Received: by 10.180.24.132 with SMTP id u4cs216052wif;
        Thu, 20 Oct 2011 03:22:03 -0700 (PDT)
Received: by 10.14.9.165 with SMTP id 37mr1294749eet.51.1319106122223;
        Thu, 20 Oct 2011 03:22:02 -0700 (PDT)
Return-Path: <www-data@<serverdomain>>
Received: from <serverdomain> (<serverdomain>. [<serverip>])
        by mx.google.com with ESMTP id s55si2781134ees.156.2011.10.20.03.22.02;
        Thu, 20 Oct 2011 03:22:02 -0700 (PDT)
Received-SPF: pass (google.com: domain of www-data@<serverdomain> designates <serverip> as permitted sender) client-ip=<serverip>;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of www-data@<serverdomain> designates <serverip> as permitted sender) smtp.mail=www-data@<serverdomain>
Received: by <serverdomain> (Postfix, from userid 33)
    id AEF1F47462EE; Thu, 20 Oct 2011 10:22:00 +0000 (UTC)
To: <myemail>
Subject: Registration confirmation
From: <sitename> mailing robot <no-reply@<serverdomain>>
MIME-Version: 1.0
Content-type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit
Message-Id: <20111020102200.AEF1F47462EE@<serverdomain>>
Date: Thu, 20 Oct 2011 10:22:00 +0000 (UTC)

Please confirm your registration on the site by clicking this link:

<A rel='nofollow' href="<confirmationlink>" target=_blank><confirmationlink></A>

What's wrong with this e-mail? Why does Gmail think it is spam?


Source: (StackOverflow)

Will jh3df6724@k2378jdfw.com bypass spam filters?

I'm very paranoid. Don't ask why because that's beside the point here.

I want to create a domain with some random name, such as 723jr2d.com

And then, when anyone asks for my email address, I want to generate a new random email forwarder for that person to use, such as kl2893dk@723jr2d.com

I think this is a perfectly legitimate approach, because if I have tons of email forwarders, and I notice spam coming through one of them, I can just shut down that forwarder. It also contributes to my feeling of privacy online, so it's important to me.

But my question is: If I set my mail servers up like this, will I get into trouble getting through other people's spam box filters when sending and replying to emails? Is that how spam filters work?


Source: (StackOverflow)

My Spam Trap Caught A Company - How Legitimate Is Their Response? [closed]

I have my own domain (let's call it MyDomain.com), and my email account is set up such that all mails sent to @MyDomain.com will end up in the same mailbox.

So, think of a word, put it in front of @MyDomain.com, send me an email, and I will get it.

When I sign up for SomeService.com, the email address I will give them is ‘someservice@MyDomain.com’.

This means that if I get a spam email sent 'To' someservice@MyDomain.com, I can identify 'someservice' as having compromised my email address...Or so I thought.

When catching a company (a pharmacy from whom I'd bought earplugs), as far as I was concerned, red-handed, I sought them out, and got the following response:

I am one of the webmasters of the [SomeService] commerce portal. We take user data security very seriously as our business depends on this.

We have been PCI certified by 2 independent agencies who routinely scan our systems for security flaws.

Emails can leak out at multiple levels including the user's computer or in transit due to network sniffers that are increasingly being employed by professional spammers.

We not only keep our systems behind a firewall but also encrypt user data to ensure privacy even from our own staff.

I reiterate this is not something we condone and we will do an internal investigation to ensure our systems are clean. Kind Regards [administrator]

What do you folks make of this? Some questions I'm asking are

  • What is PCI certification and can I take this seriously/is it credible?
  • Are the 'email-leaking' and 'network sniffer' claims credible?

And any thoughts in general. Let's just say I'm learning.

Thanks, James


Source: (StackOverflow)

How do I change the default Junk Mail folder in Outlook?

I'm using an IMAP mail service (fastmail.fm) which moves Junk email messages to an IMAP folder called "Junk Mail". Outlook archives Junk to "Junk E-Mail".
How do I change Outlook so that it uses the "Junk Mail" folder for Junk instead of the default?


Source: (StackOverflow)