On Feb 26, 2009, at 12:05 PM, Alexander Harrowell wrote:
On Thu, Feb 26, 2009 at 5:28 PM, John R. Levine <jo...@iecc.com>
wrote:
This also pre-dates organized crime becoming heavily involved, and
pre-dates the obsession with browser exploits. Back then a lot of
spam was
sent by semi-legitimate marketers from the US. These days all the
bad guys
are out to get you to click on a single link.
Right. Back in the 90s spammers were trying to build their lists,
and used
fake opt outs to do so. These days through a combination of web
scraping
and dictionary attacks, they have more addresses than they know
what to do
with.
My advice to people these days is to unsub if a message is from
someone
you've corresponded with before, or if it looks like someone who is
legit
but clueless. Then hit the spam button.
My advice is to always check the full email headers for anything you
are the least bit suspicious of. Does it appear to come from whom it
purports to come from ? Is the path likely ?
(Big US companies do not as a general rule forward their
email through small Eastern European ISPs, for example.) If it fails
this test, treat it as radioactive and don't click, respond, etc.
If it passes, and if the sender is in your field, then use your
judgement. (I unsubscribe to the "newsletters" that
keep popping up from Chinese ethernet switch makers, for example.)
Regards
Marshall
Of course, the browsploit issue means that clicking on ANY links in
dubious
e-mail is highly unwise.
