On Feb 26, 2009, at 12:05 PM, Alexander Harrowell wrote:
On Thu, Feb 26, 2009 at 5:28 PM, John R. Levine <johnl@iecc.com> wrote:
This also pre-dates organized crime becoming heavily involved, and pre-dates the obsession with browser exploits. Back then a lot of spam was sent by semi-legitimate marketers from the US. These days all the bad guys are out to get you to click on a single link.
Right. Back in the 90s spammers were trying to build their lists, and used fake opt outs to do so. These days through a combination of web scraping and dictionary attacks, they have more addresses than they know what to do with.
My advice to people these days is to unsub if a message is from someone you've corresponded with before, or if it looks like someone who is legit but clueless. Then hit the spam button.
My advice is to always check the full email headers for anything you are the least bit suspicious of. Does it appear to come from whom it purports to come from? Is the path likely? (Big US companies do not as a general rule forward their email through small Eastern European ISPs, for example.) If it fails this test, treat it as radioactive and don't click, respond, etc. If it passes, and if the sender is in your field, then use your judgement. (I unsubscribe from the "newsletters" that keep popping up from Chinese ethernet switch makers, for example.)

Regards
Marshall
Of course, the browsploit issue means that clicking on ANY links in dubious e-mail is highly unwise.
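
The header check described in the thread (does the mail come from whom it claims, and is the relay path plausible) can be scripted. The following is an added example, not part of the original messages; the sample message, its hosts and addresses, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real mail); every host and address is made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example ([192.0.2.10])
\tby inbox.recipient.example with ESMTP; Thu, 26 Feb 2009 12:00:03 -0500
Received: from relay.small-isp.example ([198.51.100.7])
\tby mx.recipient.example with ESMTP; Thu, 26 Feb 2009 12:00:01 -0500
Received: from [203.0.113.45] (helo=bigbank.example)
\tby relay.small-isp.example with SMTP; Thu, 26 Feb 2009 11:59:58 -0500
From: "Big Bank" <security@bigbank.example>
To: user@recipient.example
Subject: Account notice
"""

def org_domain(host):
    # Naive "last two labels" rule: an assumption that breaks on suffixes like co.uk.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def relay_path(msg):
    # Each server prepends its own Received header, so reverse for travel order.
    hops = []
    for rec in reversed(msg.get_all("Received", [])):
        m = re.search(r"\bby\s+([\w.-]+)", rec)  # host that accepted the message
        if m:
            hops.append(org_domain(m.group(1)))
    return hops

def review(raw, my_domain):
    msg = message_from_string(raw)
    from_dom = org_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    rp_dom = org_domain(parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2])
    path = relay_path(msg)
    findings = []
    if rp_dom and rp_dom != from_dom:
        findings.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")
    odd = [d for d in path if d not in (from_dom, my_domain)]
    if odd:
        findings.append("relayed via unrelated domains: " + ", ".join(dict.fromkeys(odd)))
    if from_dom not in path:
        findings.append(f"no server in {from_dom} handled the message")
    return {"from": from_dom, "path": path, "findings": findings}

if __name__ == "__main__":
    print(review(SAMPLE, "recipient.example"))
```

Only the Received lines added by your own servers are trustworthy, since everything below them can be forged by the sender. A differing Return-Path is also normal for legitimate bulk mail sent through a third-party mailer, so treat the findings as prompts for judgement rather than a verdict.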