How do spammers do it?

Moderators: Dwight
cattywampus0 (Diamond Enthusiast)
I asked in another thread how spammers manage to switch domain names seemingly at will. I get a lot of spam with random-letter/number domain names like "@nlarnk194." I block that, but soon they are back with another domain. Don't they have to pay for these domain names? How does this work?
 
Posts: 493 | Location: Under the Volcano | Registered: 11-20-05

bedstor (Diamond Enthusiast)
Hi Catty
There are a few answers to this.
The most frequent is a computer being "harvested" to be a zombie in what's known as a botnet.
The "way in" is an "always live" password to an email account. Main accounts, in my opinion, should be manual logins, not of a "remember me" condition (makes a cookie file with the info inside!).
I posted this to another query earlier today on another forum, same question as yourself.
The spammers scan the Internet for these and they stick up like a sore thumb; then the second program fires 1000's of queries without tripping the password timeout, normally set to 2 or 3 tries before it locks down the account (another side effect of the spammer program if not a good interrogator). Can be successful if the password is in plain English, but adding a number or 2 confuses the program, or a mad word may help? The secret is to keep this working and working: you sign off and on again, it has to do it all over again.
The obvious way to keep these away is: A) keep the antispyware and antivirus software updates up to date, B) run the Microsoft Updates, and C) do manual logins with passwords only you can remember, no spaces, OK? And do use different ones on secure sites (https://).

This search will give you more info on this plague. Over half a million hits.
 
Posts: 13159 | Location: 6 miles west of Wigan UK | Registered: 06-05-02

cattywampus0 (Diamond Enthusiast)
Thank you, bedstor dear. I see that (like most things) it is a lot more complex than I thought. No wonder it's so hard to stop them!

I also found your answer in the 2nd thread helpful. I am a bit confused about changing the password on my email account - it's MSN mail program - do I have to call MSN to do this?
 
Posts: 493 | Location: Under the Volcano | Registered: 11-20-05

cattywampus0 (Diamond Enthusiast)
OK, I changed my password, at the hotmail site. Will this also work with MSN mail? Also, if I record it in RoboForm, will spammers still be able to find it?

Thanks for any help.
 
Posts: 493 | Location: Under the Volcano | Registered: 11-20-05

bedstor (Diamond Enthusiast)
So long as you keep to a "type password in to start and log out when finished" system, you are doing OK. Changing to a new password every so often is also rated a good thing to do.
RoboForm and passwords: yes, this is pretty secure. You do know there is a password generator program within that program which makes a random jumbled password if you need one? Bad on the memory, though, if you have to type it in manually.
BTW, your AP screen name is actually quite a good example of a strong password. RoboForm rates it @41. Mine is 35. Rated going on the number/letter requirements.
 
Posts: 13159 | Location: 6 miles west of Wigan UK | Registered: 06-05-02

Gold Enthusiast
The return address you see in spam emails is fake, it's just a piece of text. The mailbox never existed.

A spam starts off as the pitch.

quote:
ENLARGE YOURSELF! Vizit me pills webspace!!!


The email client attaches the first headers - to, from and subject. In this case, the client was written by the spammer, and attaches randomly generated information for the subject and return address. The recipient is pulled from a list of confirmed mailboxes.

quote:
From: awesomepills@fakedomain
To: You@hotmail.com
Subject: Josie says...

ENLARGE YOURSELF! Vizit me pills webspace!!!


Next, the client begins the process of sending the email. There are lots of ways to do this, but we'll use the direct route for simplicity.

The program does an MX (mail exchange) lookup of your email host (in this example, hotmail.com). The lookup returns the server(s) which handles your email: mx1.hotmail.com

Now the program connects to your mail server on port 25 (SMTP). Talking to an email server is ridiculously easy, especially if it blindly trusts you, as this example server does. (A real Hotmail server behaves similarly, but not quite as simply.)

Messages in bold are sent from the spammer's end
quote:
HELO
250 WELCOME TO MX1.HOTMAIL.COM
MAIL FROM:awesomepills@fakedomain
250 OK
RCPT you@hotmail.com
250 OK
DATA
354 TRANSMIT MESSAGE
From: awesomepills@fakedomain
To: You@hotmail.com
Subject: Josie says...

ENLARGE YOURSELF! Vizit me pills webspace!!!
.



250 OK
QUIT
221 GOODBYE


Poof, the email has been sent and is on its way to your inbox! Just before the email is stored in the database, it applies a tracking header to the message.

quote:
Received from 255.0.0.1 by mx1.hotmail.com (64.4.50.50)
From: awesomepills@fakedomain
To: You@hotmail.com
Subject: Josie says...

ENLARGE YOURSELF! Vizit me pills webspace!!!


The only truthful piece of info we have is the IP address of the sending server (255.0.0.1 in this example). Think of it like caller ID: it shows the reported name, along with the real phone number of the caller.

Crafty spammers can use relays, proxies and zombies to send the actual message, protecting their real IP from being seen. But that process is a little too involved to explain in detail here.

If you feel adventurous, you can actually connect to an email server using telnet and send an email yourself. Just be sure to read the RFC first.

Here's an actual conversation between me and one of my mail servers, sending a test message to myself:

quote:
>telnet mail.vwire.net 25

220 mail.vwire.net ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.8.8)
HELO
250 Welcome, X.mc.at.cox.net [70.X.X.X], pleased to meet you
MAIL From:XXXX@XXX.net
250 Sender "XXX@XXX.net" OK...
RCPT to:XXX@XXX.net
502 Unknown command
rcpt to:XXX@XXX.net
250 Recipient "XXX@XXX.net" OK...
data
354 Please start mail input.
Hello from yourself. Congrats, you sent an email to yourself by telnet. lol
.
250 Mail queued for delivery.
QUIT
221 Closing connection. Good bye.


Connection to host lost.

>


Hope this was enlightening!
 
Posts: 984 | Location: Fox Valley, Second Life | Registered: 06-03-02
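
The post above says the From line is just text and the connecting IP stamped by the receiving server is the only truthful field. As an added example (not part of the original thread), this Python sketch reads that IP from the Received line written by your own mail server and groups messages by it, which shows why blocking each random From domain keeps failing. The server name mx.example.net, the sample domains and the IP addresses are all constructed for illustration.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

# Constructed samples: three random From domains, one real connecting IP.
# The second Received line is sender-supplied text and must not be trusted.
TRUSTED_MX = "mx.example.net"  # assumed name of the recipient's own server
SAMPLES = [
    "Received: from mail.{d} (unknown [203.0.113.7]) by mx.example.net; "
    "Mon, 1 Jan 2007 10:0{i}:00 +0000\n"
    "Received: from bank.example (trusted [192.0.2.1]) by relay.invalid\n"
    "From: awesomepills@{d}\nTo: you@example.net\n"
    "Subject: Josie says...\n\nbody\n".format(d=d, i=i)
    for i, d in enumerate(["nlarnk194.example", "qzt8831.example", "xbv27k.example"])
]

PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(raw, trusted_mx=TRUSTED_MX):
    """Return the peer IP from the Received line our own MX added, or None."""
    msg = message_from_string(raw)
    # Servers prepend their stamp, so the topmost matching hop is the real one;
    # anything below it was supplied by the sender, like the From line.
    for hop in msg.get_all("Received", []):
        if re.search(r"\bby\s+" + re.escape(trusted_mx) + r"\b", hop):
            m = PEER_IP.search(hop)
            return m.group(1) if m else None
    return None

def from_domain(raw):
    """Return the (unauthenticated) domain claimed in the From header."""
    addr = parseaddr(message_from_string(raw)["From"])[1]
    return addr.rpartition("@")[2].lower()

def group_by_source(messages):
    """Map connecting IP -> set of From domains claimed from that IP."""
    seen = defaultdict(set)
    for raw in messages:
        seen[connecting_ip(raw)].add(from_domain(raw))
    return dict(seen)

if __name__ == "__main__":
    for ip, domains in group_by_source(SAMPLES).items():
        print(ip, "claimed", len(domains), "sender domains:", sorted(domains))
```
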
bedstor (Diamond Enthusiast)
Just had this info/Tips page posted about Password strength
www.getsafeonline.org/nqcontent.cfm?a_id=1127
PS: And the whole site has info about things like Catty's query and many other things besides (bookmark as a reference)
www.getsafeonline.org
 
Posts: 13159 | Location: 6 miles west of Wigan UK | Registered: 06-05-02

cattywampus0 (Diamond Enthusiast)
Thank you, Jwooden and bedstor, that was helpful. I decided to just block the domains listed and that was the end of the crap. It took some time, but I must say it was worth it - I'm getting hardly any "postmaster" spam now. Thanks again, all who helped.
 
Posts: 493 | Location: Under the Volcano | Registered: 11-20-05

cattywampus0 (Diamond Enthusiast)
I enjoyed reading all this information, even though much of it was over my head. However, I have put in some time blocking all the spams that come my way. It took just a few minutes per day, over a period of a couple of weeks, and reduced my spam down to about two per day.

I want to thank everyone who wrote. It is so good of you to explain all that. Thank God for AnswerPool!
 
Posts: 493 | Location: Under the Volcano | Registered: 11-20-05

© 2002-2008 AnswerPool.com


