[SpamCop.net - protecting the internet through technology]

[SC-Help] Re: Windows xp spam question

John E. Malmberg wb8tyw at qsl.network
Thu Oct 13 09:38:40 EDT 2005


Stephen Johnston wrote:
> Hi,
> 
> Does spam travel across different users in Windows XP? In other words, if 
> somebody gets my email address and starts spamming me, will they also spam 
> another user account on the same xp configuration?

Spammers will mix and match names and domains from e-mail addresses 
found on the internet and possibly on machines infected with worms.

So if you have usernames that are in common use, and one user in a 
domain gets a spam, chances are that the others will eventually get some 
spam.

If a machine on your network is infected with a virus, the spammers and 
other malware writers may have a copy of every document that was on that 
computer or the users of that computer were authorized to access.

Note that virus and spyware scanners only find previously discovered 
infections, not all possible infections.  Such scanners are usually 8 
hours behind the latest discovered worm in their definitions.

Depending on a virus scanner is like leaving your house unlocked and 
depending on a burglar to trip an alarm that they are looking for.

The web browsers on many machines will give out a ton of personal 
information on request of a website.

If the e-mail is HTML enabled, and automatically opens external links 
when you read the e-mail, then it is a gold mine to the spammers, as 
this has confirmed that their e-mail was read, confirms that they got 
through your network spam filtering, and have reached an exploitable 
computer.


For keeping spam out, the only thing that has been found to cause many 
networks to clean up security problems or deliberate hosting of spam is 
when all e-mail from those addresses is refused by either a number of 
small networks or a large ISP or network.

This practice has been going on for so long, it is rare that an I.P. 
address (considering all the internet) that sends a noticeable amount of 
spam will actually be sending any real e-mail.

Because of that, the use of conservative blocking lists to keep spam out 
of an e-mail server is far more accurate in both blocking and false 
positives than any system that tries to content analyze all mail and 
separate the spam from the real mail.

The difference is that in most cases, when a real mail is stopped by a 
blocking list, the sender usually gets notified by their mail server.

This visible indication horrifies some people who would rather shoot 
messengers than know about security / configuration problems in a mail 
server and get the real problem fixed.

With user spam filters or most content type spam filters, when a real 
e-mail is detected as spam it is silently deleted with both the sender 
and the receiver ignorant of the problem.

For some strange reason, that is currently the preferred way of 
doing commercial and corporate spam filtering, where potentially 
important e-mails will be tossed without a trace.

With no spam filtering at all, real mails are even more likely to get 
lost in the mess either from human errors or from mail server/network 
overloads.  Again because the problems are usually invisible, they 
appear to be less than in the case that gives a true indication of what 
is going on.

-John
wb8tyw at qsl.network
Personal Opinion Only
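
An added example, not part of the original message: a sketch of the contrast described above, where a blocking-list refusal at SMTP time produces a visible 5xx reply while a content filter discards mail after it was accepted. The lookup-name format follows the usual DNS blocking list convention (RFC 5782); the zone `dnsbl.example`, the addresses, the score threshold and the resolver stub are constructed assumptions.

```python
import ipaddress

ZONE = "dnsbl.example"                      # hypothetical blocking-list zone
# Constructed sample data standing in for DNS: one listed address.
SAMPLE_RECORDS = {"99.2.0.192.dnsbl.example": ["127.0.0.2"]}
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

def sample_resolve(name):
    """Offline resolver stub: A records for a name, [] for NXDOMAIN."""
    return SAMPLE_RECORDS.get(name, [])

def dnsbl_query_name(client_ip, zone=ZONE):
    """Build the name a mail server looks up for a connecting address."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = reversed(str(ip).split("."))            # 192.0.2.99 -> 99.2.0.192
    else:
        labels = reversed(ip.exploded.replace(":", ""))  # one label per hex nibble
    return ".".join(labels) + "." + zone

def smtp_time_decision(client_ip, resolve, zone=ZONE):
    """Reply given to the connecting server before any mail is accepted."""
    answers = resolve(dnsbl_query_name(client_ip, zone))
    # Only answers inside 127.0.0.0/8 count as "listed", so a broken or
    # parked zone that answers with some other address cannot refuse all mail.
    if any(ipaddress.ip_address(a) in LISTED_RANGE for a in answers):
        return 550, f"5.7.1 Mail from {client_ip} refused, listed in {zone}"
    return 250, "OK"

def handle_message(client_ip, content_score, resolve, threshold=5.0):
    """Follow one message through both kinds of filtering."""
    code, _ = smtp_time_decision(client_ip, resolve)
    if code != 250:
        # The sending server still holds the message and reports the
        # refusal to its author, so a false positive is visible.
        return {"reply": code, "delivered": False, "sender_notified": True}
    if content_score >= threshold:
        # Already accepted with 250 and then discarded: neither the
        # sender nor the recipient learns that the message was lost.
        return {"reply": 250, "delivered": False, "sender_notified": False}
    return {"reply": 250, "delivered": True, "sender_notified": False}

if __name__ == "__main__":
    print(handle_message("192.0.2.99", 0.0, sample_resolve))   # refused, visible
    print(handle_message("198.51.100.7", 9.1, sample_resolve)) # dropped, silent
```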

