The infamous email shuffle words virus or something

Discussion in 'PC Hardware' started by RayLopez99, May 15, 2011.

  1. RayLopez99

    RayLopez99 Guest

    Ever had an email you send out come back at you as spam? For example,
    in your email to a friend, which let's assume is in unencrypted POP
    server form, is sent by Outlook and has the words "walk in the park".
    Then, in the next hour or so, you get spam that mentions "walk in the
    park" along with the usual Viagra spam ad. Your email back at you
    with spam in it.

    What causes this? I once had to clean an infected computer that
    displayed this symptom and it was a virus that manipulated Outlook
    outgoing messages. But my system is clean. So one of two
    possibilities: some agent is listening to my outgoing email server,
    and intercepting emails (since the emails are not encrypted), or, it's
    just a coincidence that "walk in the park" was used, since it's a
    somewhat common phrase.

    Any other ideas?

    RL
     
    RayLopez99, May 15, 2011
    #1
    1. Advertisements

  2. Maybe the person that you sent the e-mail to has an infestation.
     
    FromTheRafters, May 16, 2011
    #2
    1. Advertisements

  3. RayLopez99

    RayLopez99 Guest

    Yes, I thought of that. It occurred to me just after I posted.

    On another note: it is possible to send somebody's email to an "opt
    in" spam site? That is, analogous to a junk mail service, where you
    can send (an enemy's) postal mail address to this service to get the
    service to send junk mail to the postal mail address, is there
    something equivalent in the internet world? That way you can forward
    an email to this site, and the person's email address will get
    bombarded with spam.

    RL
     
    RayLopez99, May 16, 2011
    #3
  4. RayLopez99

    Etal Guest

    Not just one, but many agents are listening.
    Agents at both governmental organizations and private
    corporations. Echelon, FBI, Google, /et cetera/ /ad nauseam/
    somewhat depending on your location and the path your message takes.
     
    Etal, May 16, 2011
    #4
  5. Probably not so much for legitimate junk mail, but there are ways to get
    an e-mail address noticed by spammers or worms that are harvesting
    e-mail addresses. Here on Usenet is one such place, many samples of the
    "Swen" harvested the old fake e-mail address I used to use here.

    None of that would explain the possible coincidence of the "walk in the
    park" phrase, but you *did* say 'on another note'.
     
    FromTheRafters, May 16, 2011
    #5
  6. RayLopez99

    RayLopez99 Guest

    I wonder how true this is. When you send a ping sometimes there's
    only a few nodes inbetween your PC and your email destination, so I'm
    not so sure about "et cetera". http://en.wikipedia.org/wiki/Echelon_(signals_intelligence)
    - Echelon sounds like Urban Legend though I'm sure you know more than
    me on this.

    Still, I agree that potential for mischief in reading emails exists,
    though in practice so much traffic flows and due to memory constraints
    I doubt emails are kept more than a few days on most email relay
    servers, and perhaps up to two weeks for anonymous servers due to
    legal requirements.

    RL
     
    RayLopez99, May 16, 2011
    #6
  7. RayLopez99

    Shadow Guest

    Probably someone listening, or with access to the mail
    folders. BTW, why don't you use ssl on your emails. ? They will be
    world readable otherwise.
    Yes, it's possible, easy even.
    By the way, if that email address your headers is real, the
    spambots have picked it up ions ago.
    []'s
     
    Shadow, May 17, 2011
    #7
  8. RayLopez99

    RayLopez99 Guest

    Shadow can you tell me why SSL would work? In the past I've never
    used it, though it's available from my ISP. SSL would only protect
    the "first connection" from your PC to the ISP's server, correct?
    Then it would have to be decoded to plain ASCII, no? Otherwise, how
    would a recipient (the final node in the link in the email chain), who
    gets your email, be able to read it if it's SSL encrypted and that
    person does not have an SSL enabled server? Or is the assumption that
    everybody in the world now (including those living in remote parts of
    the world) has an SSL capable email server? Thanks in advance or to
    anybody else reading this.
    I know. That's why my email account at Gmail is always full of spam,
    but I only use this account for Google Groups.

    RL
     
    RayLopez99, May 17, 2011
    #8
  9. RayLopez99

    Shadow Guest

    If you use gmail, and enable encryption, your mail would go
    ssl encrypted all the way to google. And encrypted from google to the
    recipient's mail server.
    If the guy you wrote to accesses his mail without encryption,
    sure, the mail will be delivered read-for-all. Could be easily sniffed
    out.
    But it's almost impossible to find a server without
    encryption, and most modern mail clients enable it by default.
    Check the port you use for mail. If it's 995/465 it's
    encrypted. If it's 110/25 it's not.
    If you use a browser for mail, it should have the little lock
    at the bottom, and an https:// header in the address bar. Some sites,
    like hotmail, do not enable it by default, but you can do it in
    preferences.
    Hope this helped.
    (won't go into MITM attacks)
     
    Shadow, May 17, 2011
    #9
  10. RayLopez99

    Dustin Guest

    I'm just waiting to see how you attempt to educate those foolish enough
    to try and help you.
     
    Dustin, May 17, 2011
    #10
  11. It would be encrypted while traveling from your computer to the computer
    it negotiated the SSL with. It would keep doing this by re-negotiating
    on every session until it arrived at the computer mailbox (unencrypted)
    for the recipient.
    Yes, and at the socket layer before the client (the mailbox) gets it and
    holds it for the mail client (OE for instance) to retrieve.
     
    FromTheRafters, May 18, 2011
    #11
  12. RayLopez99

    RayLopez99 Guest

    So the assumption you are making--and I'm sure it's probably right--is
    that nowadays all nodes (or email relays) between your ISP and the
    target destination are accommodative of SSL, meaning they support
    SSL. Even if the 'guy you wrote to' has set his Outlook (remember, we
    are talking about POP3 not IMAP/browser based email clients) to port
    110/25, the other 'chains in the link' will accommodate SSL and up to
    the last "guy you wrote to" your email will be encrypted and not
    readable by the world. That is I suppose a fair assumption, but just
    to keep things as simple as possible I've always used unencrypted
    email in the past. And, like the above indicates (if I am correct),
    at some point in the chain, if your destination uses 110/25 (i.e. does
    not encrypt his POP3 connection) then the email will be unencrypted at
    this last link and available to the world to see, correct? Meaning
    the "guy you wrote to"'s ISP will be able to read your email.

    I see. This is the key assumption. Anybody else care to verify this,
    please feel free to. I will research the issue online a bit more and
    then probably switch to SSL
    Yes, this is what my ISP also says, thank you.
    I don't use browser for mail except at Hotmail, which is my IMAP
    account but Outlook is my main email POP3 client.

    RL
     
    RayLopez99, May 18, 2011
    #12
  13. RayLopez99

    RayLopez99 Guest

    I educate you, Foolish Dustbin. Taking you to skool, trollbait.

    RL
     
    RayLopez99, May 18, 2011
    #13
  14. RayLopez99

    RayLopez99 Guest

    OK, thanks, I got that. I am guessing that at every handshake the
    computers negotiate SSL based on a certificate going back and forth,
    and I'm guessing that this would slow down delivery of your email
    some, even if said email might be compressed if encrypted.
    OK. See also my reply to Shadow and feel free to add any further
    comments. Thank you.

    RL
     
    RayLopez99, May 18, 2011
    #14
  15. Based in part on a (pseudo) random number (pre-secret) each party
    generates that gets concatenated after each passes that number to each
    other covered by the key in the certificate. The resulting session key
    is unique to that session. The servers handle the e-mails in the normal
    manner and if another SSL session is required another one is negotiated
    and another unique key is generated and the mail is re-encrypted and sent.
    I would like to clarify a point. My misstatement above - the mailbox is
    not really a client it is a server. A minor point, but it was bugging
    me. My point was only that it is like encrypted voice communication,
    eavesdropping can be done in the room where the voices are heard, but
    *not* on the wire connecting them.
     
    FromTheRafters, May 18, 2011
    #15
  16. RayLopez99

    Dustin Guest

    It'll be years before you have any knowledge that I would require. And
    even then, that's being generous. See, I already know the stuff you ask
    questions about. I've played both sides of the fence and you're still
    playing tiddlywinks. Whether you like it or not, you are my bitch, not
    the other way around.
     
    Dustin, May 19, 2011
    #16
  17. RayLopez99

    RayLopez99 Guest

    Riiiggght shiite head. Not.

    Please answer this question: how is email read hostilely, by a third
    part? Please describe a typical scenario. The silence is deafening.

    Go play with your fence now dunce.

    RL
     
    RayLopez99, May 19, 2011
    #17
  18. RayLopez99

    Shadow Guest

    Anyone with permission to look at the mailbox at the ISP can
    read the mail. SSL is used only during the transmission.
    www.gawab.com does not use encryption. Probably the only big
    one that does not.
    Well use it, there are no disadvantages
     
    Shadow, May 20, 2011
    #18
  19. RayLopez99

    RayLopez99 Guest

    We seems to have a minor disconnect, unless I'm mistaken. You are
    referring to gawab.com as apparently an email client that works
    through the browser (from what I can tell from their website). I am
    referring to the ISP email server. I think every ISP email server in
    the chain of email servers going from the sender to the recipient in
    an SSL secured email has to support SSL or your email will not be
    transmitted properly. So my question was: is 99.9999% of the world's
    email servers "SSL capable"? If so, then you have no or almost no
    worries using SSL in your Outlook email program. If not, there's a
    chance somebody in some remote part of the world (say Zimbabwe) will
    not be able to read an email of your sent by SSL.

    Also consider this: somebody on the net said that SSL encrypted email
    is secure in transit, but, it is not secure (and unencrypted) while
    sitting on an email server. This person claims that many of the email
    breaches (i.e., people reading your email) occur while this
    unencrypted email is sitting on some email server, not when it is in
    transit. So SSL encrypted email is of limited use in this case.
    Agree or disagree?

    RL
     
    RayLopez99, May 20, 2011
    #19
  20. RayLopez99

    Shadow Guest

    Gawab allows pop connections, ports 110 and smtp port 25 only.
    I would say that 99.9999% of ISPs have ssl. A handfull do not
    use ssl on their mail servers.( So they receive mail from google with
    ssl, but users have to use unencrypted connections to access it -
    risking password stealing and privacy issues)
    No. ISP employees would quickly get the sack if found selling
    OP's mail details. The easiest way to get someone's email if the
    person uses ports 110 or 25, is to plug a sniffer into the cable or
    sniff the wireless,They could sniff out your password that way too.
    If you use ssl, the only practical way would be with a MITM
    attack, and only if you accept the rogue certificate.
    http://en.wikipedia.org/wiki/Man-in-the-middle_attack
    I wouldn't worry too much about those. If a box pops up in
    your email client asking if you accept a new certificate, just say no,
    then call the ISP.
    []'s
     
    Shadow, May 20, 2011
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.