196.20.162.226

That’s the Internet Address of an e-mail spammer who tried do get me to download a virus onto my computer today.

How did I catch it? Actually I knew right away.

But…In case you want to have a fighting chance to stop them from getting at you, maybe you should read on…

You should also know that I have BoxTrapper Spam Trap turned on on my web server to protect my e-mail addresses.

What is Box Trapper? BoxTrapper protects your inbox from spam by forcing all people not on your white list to reply to a verification email before they can send mail to you. Until they respond properly to the challenge that you can set up, their mail is held in queue on your web server.

To learn more about BoxTrapper visit your control panel and under “EMail Management Tools” you will see the icon for BoxTrapper. I STRONGLY recommend you take a look at the video before attempting to do anything, I’ve learned that knowing what needs to be done allows me to prepare to do whatever is needed to be done. Didn’t say “done right” just “done”!!!!

But I seem to have drifted off to the left…

So I see this message sitting in the BoxTrapper queue and “it” claims to be from the IRS.

First flag went up immediately. This e-mail message supposedly from the IRS was addressed to an address never used to communicate with the IRS in the first place. It was never used in any transaction with the agency…

Hmmmm…

Four more flags went up as I also noted there were four more messages waiting to be delivered to my computer from “The IRS”. Instead of being from a Manager within the IRS these were supposedly from “support@IRS.gov”

Uh huh…..

Right here I know these are garbage messages but I wanted to see where they came from. Sort of a morbid curiosity kinda thing….

Already knowing the messages were bogus I wanted to see what they said so I clicked on the subject line of the message (still in the BoxTrapper screen).

When you click on a message that is listed in the queue, the sever will display a text version of the message. This way you can see the message “remotely” because the actual message in its original form is never sent to your email program.

The message contained in the email says “primary account holder” failed to include important information with the return and all one needs to do is print out the attached forms and mail them to the address listed on the forms.

Okayyyyyy

In BoxTrapper you are offered the opportunity to delete and blacklist (or ignore) the sender.

Naturally I deleted the message. I also traced the Internet Address and saw that part of the path the message took to my server was through Mauritius (yet even the Internet Address could be faked)

Here’s the Honey Pot output for the address:

196.20.162.226 [Spam Server] [Dictionary Attacker]

“The Project Honey Pot system has detected behavior from the IP address consistent with that of a mail server and dictionary attacker.
Threat Rating 12 <– Pretty high
Example Messages Sent From 196.20.162.226

From: “Elizabeth Bean”
Subject: With a monster tool you can have even the most unt

From: “Hallie Schuppert” Subject: Sie vergoettern!

And so on and so on….

Now for those of you who are curious to try out BoxTrapper. I need to tell you that it will not send you any indications that it is holding messages for you to check and either approve or deny delivery.

You will need to periodically check to see if mail is sitting out there on your own.
How often depends on how often you tend to receive email.

I have to check mine daily (yeah all 36 of them….).

I’m sure some will say you don’t need all that and don’t have time to do all of that.

Well, you may not have time today. But if you download something that does your computer harm, how much time,effort and or cost do you think it will take to rectify the situation?

If you need help setting it up. You know how to reach me (ticket, email)…

Remember, don’t get click happy out there!

-Webmaster

These policies are designed to ensure that you have worry free usage of your server. Please review this information. It may reduce confusion later!

Limits
There is a 500 outgoing email hourly limit per domain. This limit is also applied towards Mailman. If you send over this amount in any hour, most of the e-mails will bounce back with an undeliverable error. If this occurs, it will then take some time for your account to be able to send again so we recommend waiting at least 1 hour after this issue occurs to begin sending email again.

Many of our servers have a limit of 30 POP3/IMAP checks per hour per IP address. If you go over this you’re likely to get a wrong password error message or an error stating “login incorrect”. If this occurs, please wait an hour and it will automatically unblock you. To prevent this from happening again, please make sure to disable auto checking or at least set it to something higher such as once every 10 minutes.

Any mailing list larger than 5,000 addresses will require a dedicated hosting solution. Note: Dividing one large list into smaller lists to get below this limit is not allowed.

There is also a limit to the number of Mailman mailing lists permitted as per listed in your cPanel display

Mailing Lists Rules
1. Any time you’re sending a message no matter how large your e-mail list is you must throttle it. We recommend you throttle it to at the very least sending 1 email every 10 seconds. (Sending 1 every 10 seconds would send 360 emails within 1 hour, keeping you below the 500 outgoing email limit.) If the mailing list software you’re using does not allow you to throttle you must switch to an application or script that will. We recommend PHPList, which can be found in your CPanel under Fantastico.

IMPORTANT: If you do not throttle and you try sending 500 emails, the server will try sending all 500 in 1 second which is not possible on the servers. This will cause a very high load on the server and the entire server will be sluggish, potentially affecting your site and service, until this sending process is completed. It is our desire to keep the server up and running without being sluggish or experiencing issues. Anyone who causes the server’s load to go high will be suspended and the process will be terminated. If you choose not to throttle, you will most likely be suspended for crashing the server.

2. Any mailing list over 900 email addresses is only allowed to be sent to during off-peak times to prevent high server loads. Off peak times qualify as all day Saturday and Sunday, and 1AM – 8AM Eastern Standard Time, Monday through Friday.

3. The list must be a Double Opt-In list. This means a user has subscribed for a newsletter or other email marketing messages by explicitly requesting it and confirming the email address to be their own. Confirmation is usually done by responding to a notification/confirmation email sent to the email address the end user specified. The double opt-in method eliminates the chance of abuse where somebody submits someone else’s email address without their knowledge and against their will. You will not be permitted to mail any mailing list that you were given or purchased. In doing so, this will also be considered spamming and may result in termination of the offending account.

4. Any unsolicited e-mail being sent will result in suspension or termination of the offending account. We take a zero tolerance stance against sending of unsolicited e-mail and other forms of spam.

5. Any mailling list MUST comply with all guidelines set forth by the United States government. These can be found at http://www.ftc.gov/bcp/edu/pubs/business/ecommerce/bus61.htm .

1. No direct SMTP mailers are allowed. An example of this would be a Darkmailer or The Bat!. Any mail should be sent through the local mail server/MTA for further delivery by the server and not done directly by scripts

T