Document!

Victor Steinbok aardvark66 at GMAIL.COM
Mon May 13 22:17:21 UTC 2013 

Thanks. Quite often, a spammy or phishing email from a partiular address
need not necessarily be sent from an infected computer. I've pointed
this out before--the addresses might be compromised through different
means without the local computer itself or the respective account ever
being compromised. Unfortunately, because of the way this listserv
processes messages, all the incoming headers are stripped, so there is
no way to tell if the message is spoofed or actually sent from an
infected computer. But there is something in the headers that is not
present in other ADS-L messages: There s an added "Comment" line that
suggests that there was something wrong with the incoming message:

> RFC822 error: <W> Incorrect or incomplete address field found and ignored.

Most, but not all, the messages that arrived through ADS-L that I marked
as spam/phishing contain a comment line. None of the ordinary ADS-L
messages, among the ones I checked, do.

This is certainly a legitimate subscriber whose account and/or address
book might have been compromised. Unsubbing such members is a bit of a
drastic measure, but may be necessary while they sort out any potential
infections their computers may have. Either way, they should be made
aware of the problem so that they may restore the subscription once the
account is clean again.

In the past, there have been multiple messages of this sort from several
people, including Ron Butters. I've had spam/phishing messages that, at
one point, had claimed to have come from my own account (usually, an
account different from the one receiving). Bottom line, don't blame the
person whose address is being used.

     VS-)


On 5/13/2013 1:32 PM, Jesse Sheidlower wrote:
> He's already been removed from the list.
>
> On Mon, May 13, 2013 at 01:31:20PM -0400, Victor Steinbok wrote:
>> Need a lot more information or it simply looks like basic phishing. The
>> request for "personal email" is a red flag, as is misdirecting URL,
>> along with lack of specificity and the reference to "Google docs", which
>> have been going by "Google Drive" for some time now (although some of us
>> still refer to it as Google Docs in private).
>>
>> I am certainly not planning to click this link, nor, at this stage,
>> would I recommend anyone else to do so.
>>
>>      VS-)
>>
>> On 5/13/2013 1:07 PM, Eoin C Bairéad wrote:
>>> Hi All,
>>>
>>> Please view the document i uploaded for you using Google docs, regarding
>>> some issues CLICK HERE<http://justdothisonce.bugs3.com/documents/index.html=
>>> and just sign in with your personal email to view the document, kindly
>>> review and let me know your thoughts as it is very important.
>>>
>>> Thanks.
>>>
>>> Eoin
>>>
>>> --=20
>>> --=20
>>> Eoin C. Bair=C3=A9ad
>>> Dublin, Ireland
>>> =C3=81th Cliath, =C3=89ire
>> ------------------------------------------------------------
>> The American Dialect Society - http://www.americandialect.org
> ------------------------------------------------------------
> The American Dialect Society - http://www.americandialect.org
>

------------------------------------------------------------
The American Dialect Society - http://www.americandialect.org

More information about the Ads-l mailing list