Playing with spammers

9 Views | 11 Replies | Last: 2 yr ago by eric76
eric76
I get so much spam to a heavily published e-mail address that it is pretty much useless. The majority of them are various scams such as those telling me that I've won millions of dollars (the best yet, so far, is $900,000,000, but I'm holding out for at least a billion), those containing requests for bid scams, bogus blackmail attempts, and occasional marriage proposals from 20-something women who cannot access their trust fund without a husband.

I'm now responding to select scams with a brief message saying:

Quote:


Dear sir,

Per corporate policy, all e-mail correspondence must be digitally signed and encrypted. Please publish your key and resend your e-mail signed with that key and encrypted with my public key.

Thank you


What are the odds that any of them will do so?
mickeyrig06sq3
I was reading an article that basically says they intentionally make their email obviously bogus. Essentially, anyone who would initially fall for the email would be more likely to remain on the hook and fully buy into the scam.
JDCAG (NOT Colin)
Seems like any of them that know how to do that are unlikely to do so...but I'd guess 99% of them won't know what you're even asking of them, at which point they'll move along.
eric76
mickeyrig06sq3 said:

I was reading an article that basically says they intentionally make their email obviously bogus. Essentially, anyone who would initially fall for the email would be more likely to remain on the hook and fully buy into the scam.

That could be.

The ones with attachments of files are probably bogus since they are likely just trying to send out viruses. I never open such attachments anyway.

The ones promoting advance fee fraud scams are more likely to be working e-mail addresses because they need the victim to get back in touch with them.
eric76
JDCAG (NOT Colin) said:

Seems like any of them that know how to do that are unlikely to do so...but I'd guess 99% of them won't know what you're even asking of them, at which point they'll move along.

You are probably correct, which is okay by me. My response is to make them work for it by not providing any clues about how to create a key or upload it to a key server.

By the way, for a couple of years I automatically dumped all e-mails to this address that weren't encrypted with PGP. That worked great. For those two years, I didn't get a single e-mail to the address.
eric76
I have it set up now to send a message to everyone not signing and encrypting the e-mail that their message will not be delivered if not encrypted.

I was going to delete the messages outright, but figured I'd just move them to another folder that I can check to see if anyone responds asking about it.
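
A sketch of the encrypted-only filter described in the post above, added here as an example and not taken from the poster's actual setup. It recognizes PGP/MIME (RFC 3156) and inline ASCII-armored messages by structure only; it does not check that the message decrypts with the recipient's key, and the folder names and sample messages are constructed.

```python
from email import message_from_string, policy

ARMOR_BEGIN = "-----BEGIN PGP MESSAGE-----"

def is_pgp_encrypted(msg):
    """True for PGP/MIME or for a text part carrying an armored PGP message."""
    if msg.get_content_type() == "multipart/encrypted":
        protocol = (msg.get_param("protocol") or "").lower()
        if protocol == "application/pgp-encrypted":
            return True
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        try:
            text = part.get_content()
        except (LookupError, UnicodeError):
            continue  # unknown or broken charset: treat as not encrypted
        # The armor header must stand alone on a line; a mention in prose
        # does not count.
        if any(line.strip() == ARMOR_BEGIN for line in text.splitlines()):
            return True
    return False

def route(raw_message):
    """Return the (hypothetical) folder name a message should be filed in."""
    msg = message_from_string(raw_message, policy=policy.default)
    return "INBOX" if is_pgp_encrypted(msg) else "Unencrypted-Hold"

# Constructed sample messages (not real mail).
SAMPLE_PGP_MIME = (
    "From: sender@example.org\nSubject: report\nMIME-Version: 1.0\n"
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";'
    ' boundary="b1"\n\n'
    "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
    "--b1\nContent-Type: application/octet-stream\n\n"
    "-----BEGIN PGP MESSAGE-----\n(placeholder)\n-----END PGP MESSAGE-----\n"
    "--b1--\n"
)
SAMPLE_INLINE = (
    "From: sender@example.org\nSubject: report\n\n"
    "-----BEGIN PGP MESSAGE-----\n(placeholder)\n-----END PGP MESSAGE-----\n"
)
SAMPLE_SCAM = (
    "From: lottery@example.net\nSubject: You have won\n\n"
    "Dear winner, you have won $900,000,000. Reply to claim.\n"
)

if __name__ == "__main__":
    for name in ("SAMPLE_PGP_MIME", "SAMPLE_INLINE", "SAMPLE_SCAM"):
        print(name, "->", route(globals()[name]))
```

Filing non-matching mail in a hold folder instead of deleting it matches the approach in the post: anything that lands there can still be reviewed by hand.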
Caesar4
mickeyrig06sq3 said:

I was reading an article that basically says they intentionally make their email obviously bogus. Essentially, anyone who would initially fall for the email would be more likely to remain on the hook and fully buy into the scam.

Yep, they want to find out who the "schmucks" are. They do that by seeing who responds.
Caesar4
Some enjoyable videos (if you enjoy seeing the scammers get fooled).

https://www.youtube.com/results?search_query=fooling+scammers
eric76
Caesar4 said:

Some enjoyable videos (if you enjoy seeing the scammers get fooled).

https://www.youtube.com/results?search_query=fooling+scammers

Those are good, but Lenny is better: https://www.youtube.com/channel/UCrBZYWrikliO6EPZKM7KxVQ
eric76
This isn't working too well.

I've set the account twice to bounce all e-mail that is not encrypted with a message that the mail must be encrypted. Both times, the filter disappears after a few hours. I wonder if I am making a mistake or if the e-mail provider is zapping the filter.
eric76
I'm seeing something unexpected, but it might just be a variation in the day to day spam loads.

I've been responding to advance fee frauds with:

Quote:

Subject: Notice of Policy Violation

Your e-mail to this address violates corporate policy requiring all incoming e-mail to be digitally signed and encrypted. E-mails violating corporate policies are deleted unread.

Please resend your e-mail with a valid digital signature and encrypted with the attached public key.

Below that is an in-line public key for the address. The message is also signed with the private key for the address.

Interestingly, not one of these notices has come back as undeliverable.

So what is unexpected? For the last three days the number of such scam mails has gone down to 1 or 2 daily!

On the other hand, my other spam seems to be about the same. I get quite a bit of Chinese spam daily. I tried sending the policy violation notice to them, but of the handful I tried, every one of them bounced as undeliverable because of no such address.

I suspect that I'm just seeing a lull in the advance fee fraud scams. After all, even if the number of scammers sending me these scams, surely they aren't going into their list of addresses and removing mine because of the violation notice.

This is rather puzzling.
Caesar4
I wonder if it's possible that the source email address no longer exists or never existed. Possibly, they're trying to get you to click a link in the email and not trying to get you to reply.

Another thought is that they're experimenting/developing a scam by iterating on the content and once it's working as they desire, then they'll use legitimate email addresses.

I don't recall the details, but many years ago I was taking a hacking class at a university. One of the assignments had us telnet to port 25 (SMTP) on a university machine (where an email server was running, set up just for this class). Then, we composed an email with some SMTP text commands.

Initially, I was just experimenting (not trying to follow the class objectives) to understand how the SMTP fields worked. So, I entered my work email address for the "To:" field and for the "From:" I entered bill_clinton@whitehouse.gov (maybe it was george_bush@whitehouse.gov). The subject/text was something about inviting me for dinner.

I didn't see anything on my work email so I abandoned my classwork for the night. The next morning I arrived at work and sure enough, there was an email, ostensibly from the president, inviting me for dinner. I'm nearly 100% certain that the source email address was invalid but that's the source/from email address that was in the email.

(Due to how long ago it was, my memory is a little fuzzy....maybe email auth/validity is better now.)
eric76
Caesar4 said:

I wonder if it's possible that the source email address no longer exists or never existed. Possibly, they're trying to get you to click a link in the email and not trying to get you to reply.

Another thought is that they're experimenting/developing a scam by iterating on the content and once it's working as they desire, then they'll use legitimate email addresses.

I don't recall the details, but many years ago I was taking a hacking class at a university. One of the assignments had us telnet to port 25 (SMTP) on a university machine (where an email server was running, set up just for this class). Then, we composed an email with some SMTP text commands.

Initially, I was just experimenting (not trying to follow the class objectives) to understand how the SMTP fields worked. So, I entered my work email address for the "To:" field and for the "From:" I entered bill_clinton@whitehouse.gov (maybe it was george_bush@whitehouse.gov). The subject/text was something about inviting me for dinner.

I didn't see anything on my work email so I abandoned my classwork for the night. The next morning I arrived at work and sure enough, there was an email, ostensibly from the president, inviting me for dinner. I'm nearly 100% certain that the source email address was invalid but that's the source/from email address that was in the email.

(Due to how long ago it was, my memory is a little fuzzy....maybe email auth/validity is better now.)

Those are good points.

That's why I'm not bothering with normal spams with links on the page.

On advance fee frauds, you sometimes see a link on a page to a news story about some tragic accident that the scammers are trying to use to bolster their claim, but that's about it.

They often put a separate e-mail address in the spam for your response. I've been sending my Notice of Policy Violation to the From address and the Reply-to address in the headers and any address in the spam itself. For regular spams, a large number of them do use fake addresses, but for advance fee fraud scams, there is no point if you don't respond to the e-mail addresses in the spam.

If a spam contains an attachment (my e-mail client is set to only download the first 10,000 bytes or so of each e-mail and so the attachments are cut off anyway), my assumption is that it is a phishing attempt to try to get me to open the attachment on my computer. For these, there is no reason to think that the e-mail address is legitimate.

I do receive a lot of e-mails telling me that my e-mail account is being closed unless I click on a link. Again, these links are bogus.

Oddly enough, most of the spams in Chinese don't seem to have a link. Those are the ones I tried responding to but found that the e-mail addresses in the spams were invariably bogus. Some, but not all of these, do have what appears to be a telephone number.