BlenderArtists is leaking personal data?

Hi,

While some think I’m sort of a privacy freak, but I really hate SPAM mails. Today, I got a SPAM mail to an address that is associated with Blender only through BlenderArtists registration, yet the subject line clearly stated “blender”. WTF?!

Anyone else had this problem?

Never heard of this one before. Never had any emails from sources like that either. But that’s not to say that it doesn’t happen.

I can assure you that it did not come from anyone associated with this site.

BgDM

This is called spoofing and It is unlikely that it is BlenderArtists fault.
I own several domain names and regularly get spoofed emails from them.
If you email address is made public in any way on the site then bots can mine that information along with the subject matter of the forum in question to send you spam.
This is due to the lack of authentication on the SMTP.
If the site in question has configured the mail server to allow connections to the SMTP port, anyone with the right knowledge can connect to the relevant port and issue commands that will send email which appears to be from the domain itself. Even false address can be used.

There isn’t a lot that can be done apart from reporting the problem to the relevant authorities.

You could spam proof your email address.
For E.g. Username@[deletethis]domainname.com or Username[at]domainname.com.

Hope it helps :slight_smile:

That’s the thing, this e-mail is not made public anywhere in connection to Blender, which made it suspicious.

I’ll keep a watch on this matter and keep updated on the topic.

Are you sure you never posted your email anywhere on BlenderArtists?
Do keep in mind they can even read things like “user(at)domain(dot)com” or anything else to mask the fact that you’re giving an e-mail adress.

I usually do something like this:
“user is going to domain like at com… replace “is going to” by “@” and replace “like at” by “.””

If you’re sure you didn’t do this, it is indeed suspicious.

Well… happy hunting! :smiley:

You’ve got it somewhat wrong.

An e-mail is made up of several parts; one part which you don’t generally see is the “headers”, and this contains vital information for mail servers and mail readers such as outlook.

One part of the header is the senders address, all of which are added application-side, meaning there is no authentication of the data since there is no real means of validating that address in the first place. …

So aslong as you know how to make a small mail sending script (which is easy) and write your own headers, you can send mail from [email protected] if you wanted to.

The part which cant be faked is the IP address, as the mail server that is currently recieving the e-mail logs the IP address of the mail server that is currently sending it… So the first one on the list = the originating server and therefore if the ip 213.222.11.138 is in your e-mail header then it came from blenderartists servers…

So how does one obtain the header information?

As I said in the first post, some people think I’m a privacy freak, i.e., I’d never-ever post my e-mail or even part of it in here.

If you have to ask that question there’s little point in you knowing…

View>headers usally works though sigh

heres an example for you, with edits because it has my e-mail and stuff lol

Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Mon, 11 Sep 2006 08:59:19 +0100

Received: from edited out
Received: from edited out
Received: From edited out

X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type:multipart/alternative;boundary=“----_=_NextPart_001_01C6D578.2C5AB0D2”

Subject: RE: Training Tonight 7.30-8.30
Date:
Mon, 11 Sep 2006 08:59:13 +0100
Message-ID: <4@H.ukr.local>
X-MS-Has-Attach:
X-MS-TNEF-Correlator: Thread-Topic: Training Tonight 7.30-8.30
Thread-Index: AcbVd525AKE6TuSCSGiacOZQqGUbNgAAHbag

From:
Jonathan Parkhouse <[email protected]>
To:
Chris McDonald
X-Evolution-Source: pop://g%[email protected]/

Lol :stuck_out_tongue:

I suppose I was too lazy to open Outlook…

Thanks!

Spammers also simply place popular words in the subject line too. They get lots of mail opened that way.

I use a garbage Yahoo address for the web and a separate address for trusted sites. Actually, since I have my own webhost and email with a catch-all feature, I’ve started using a separate address named for the site I’ll use it at, like [email protected] for here, and never use it anywhere else. That way there’s little question about where the info came if I ever get spammed at a particular address.

This site is clean and secure imo.

The IP header can be faked just as the e-mail address if you’re not using something like a security protocol.

A server can add some fake IP address of course, but they can’t spoof their own IP because it isn’t logged on their side… The server recieving it logs it so the mail can always be traced back to an originating server…

I could put Blender Artists IP address in a fake e-mail, and I also have dedicated hosting at XYZ datacenter… Why on earth would blender Artist’s e-mail route though my dedicated hosting? isn’t that a bit odd? it is… and it’s impossible for thier mail to even route to average joe’s hosting think of all the privacy that would be violated!

An e-mail sent to @domain has a specific IP to go to… It may have to bounce through a couple of routers but it will sure as hell wont go though someone else’s hosting. Their IP will be logged and they will be caught! Spoofing is usless here!

It’s great how enthustiastic you all are in explaining message headers and the like, but that is precisely what daredemo is not talking about.

Here is what he has said:

-He recieved a spam email at address that only blenderartists knows.
-The spam email was keyworded “blender”

So, the headers have nothing to do with it because the email was not sent from an @blenderartists.com address. However, somehow his email address was obtained from the blenderartists database.

Either:
a) Daredemo posted his email address somewhere else in association with blender (he says this is not the case).
b) The spammer guessed his email address, and happened to keyword it “blender” (unlikely)
c) His ISP gave/sold the email address to spammers (suprisingly likely?)
d) blenderartists gave/sold the email address to spammers (BgDM says this is not the case, I’m inclined to believe him)

Ok, thats it from me, feel free to go off on a tangent again.

You all know theres this outdated term for “blender”… but i cant remember what it was for…

Maybe his e-mail address has the word “blender” in it… we dont know… maybe… just maybe the poster has gone compleatly insane and dreamt the whole thing… maybe we’re all just insane…

Maybe the contents of the e-mail said “buy our super dooper blendering machine” Maybe it said “A user has sent you a private message on blender artists.com”…

So little said… so much to know…

http://www.seenontvproducts.net/ultimatechopperblender/Ultimate%20Chopper%20Blender.jpg

Nice recovery. I’ll give it a 2.

Spammers use all kinds of tools and ways to spam us, I dont think these guys here are involved 1 bit. We are nerds, not spammers.

No, he said BlenderArtists is the only blender-related entity that knows the email address. He said nothing about anyone non-blender-related that knowing or not knowing the address. Given this,

Seems the most likely. Spammers will pull random words from dictionaries in an attempt to bypass Bayesian filtering. “Blender” is a word in the dictionary. If daredemo gets a large enough amount of other spam on that email account (again, he hasn’t said either way), from other places he’s (potentially) used that email address, then it’s possible, even likely, that one will turn up with “blender” in the subject line (about as likely as one turning up with “toaster” or “microwave”).

I see coincidence where you see causation. Cum hoc ergo propter hoc is a fallacy, after all.

[quote=Enriq766;706765We are nerds, not spammers.[/quote]

Speak for yourself. A nerd is someone who’s life consists of computers, technology and few other things. I’m sure most of us DO have a social life beyond the scope of the internet.

Well, that’s not completely accurate. Though I don’t intimately know all the particulars, you can get around some of this by using a maligned smtp redirector and spoof both the source address as well as the server address. Or attack a vulnerable smtp server/service and then have your spam appear to come from a valid source address. The primary email originator is then hidden.

http://www.securityfocus.com/infocus/1674
and
http://www.securityfocus.com/bid/19517/discuss
and
http://www.kb.cert.org/vuls/id/814617
and
http://www.us-cert.gov/cas/body/bulletins/SB04-147.pdf

There is more, the bottom line being “its possible”. Since we have to rely on each and every host having all security patches applied so a spammer can’t use their system. AND, said spammers not deploying ghost smtp servers for short bursts of relay traffic.